
Beware of EBAY and PAYPAL!


mac11irl


hello fellows, not an Octavia problem, but.....

 

just to spread the word, i spent an hour on the phone to my bank, and paypal earlier,

after noticing my online banking had a very high value of pending transactions.

Turns out my card details and/or paypal account was hacked, and some turd bought 2 laptops with my money online and delivered in london.

 

Paypal are sorting it and refunding the money, but i learned after that chat about the "Heartbleed" attack on server systems.

through an article on it i found this link to test for vulnerability

 

http://filippo.io/Heartbleed/#www.paypal.com

 

as you can see from my test content paypal is vulnerable, and apparently ebay may not be fully sorted yet either....

 

so, after burning my cards and reporting them stolen, once i'm refunded, i think paypal shall be going bye bye...

 

worth using this to check out any other sites you use, and check your paypal accounts -

the laptops were bought on monday and yesterday, but weren't on my paypal transaction history,

though the company could find them on their system.


hello fellows, not a Citigo problem, but.....

 

just to spread the word, i spent an hour on the phone to my bank, and paypal earlier,

after noticing my online banking had a very high value of pending transactions.

Turns out my card details and/or paypal account was hacked, and some turd bought 2 laptops with my money online and delivered in london.

 

Paypal are sorting it and refunding the money, but i learned after that chat about the "Heartbleed" attack on server systems.

through an article on it i found this link to test for vulnerability

 

http://filippo.io/Heartbleed/#www.paypal.com

 

as you can see from my test content paypal is vulnerable, and apparently ebay may not be fully sorted yet either....

 

so, after burning my cards and reporting them stolen, once i'm refunded, i think paypal shall be going bye bye...

 

worth using this to check out any other sites you use, and check your paypal accounts -

the laptops were bought on monday and yesterday, but weren't on my paypal transaction history,

though the company could find them on their system.


it's not going to be the heartbleed thing you read about, that as usual is being blown out of all proportion, the usual cause of this happening is malware or a virus/keylogger on your home computer, or you have fallen foul of a phishing email or your password was too easy to guess.

 

the openssl "heartbleed" has been known about for some considerable time, it's only just been made public and that's the only thing that has changed. You can be sure that paypal and ebay servers have been patched long ago, they would have had to do it to become PCI compliant and accept card payment transactions in exactly the same way we did at work last year.


I haven't got a pay pal account, and have never used online banking for these very fearsome reasons.

Hateful and potentially downright dangerous and totally unreliable (one day), the pair of them, as has now been proven.


Can you actually USE Ebay without PP these days??

 

I ditched PP for stealing my money years ago, not even hacking as an excuse!!!

Yeah. You can use a card to pay a person via PayPal without having a PayPal account.


Whereas I and many others have used ebay/paypal and online banking for years and have never had a problem. Use good strong passwords and memorable information that's difficult to guess and you'll not have a problem.

 

 

Now you see, there lies the problem.

General sheeple are, in the main, very lazy, and use the most crazy easy passwords.

On saying that, just look at how many different passwords and memorable information we all need now.

 

I rang somewhere recently, and because I couldn't remember my 'memorable info' and they refused to prompt me, they had to terminate the call.

Advised me to ring back and try again.

Edited by Mr Ree

Too many people use relations' names or their pet's name.

You need a good password like *2Hb4.pA

If a site refuses to allow punctuation characters simply mix upper & lower case with numbers and ensure a minimum of 8 characters for your password. Double that for email accounts or anywhere you have payment details stored and if you can, enable any security options that will send an alert to your mobile and an alternative email address.

As mannyo says, the major brands will have patched long ago before this went public.


Too many people use relations' names or their pet's name.

You need a good password like *2Hb4.pA

If a site refuses to allow punctuation characters simply mix upper & lower case with numbers and ensure a minimum of 8 characters for your password. Double that for email accounts or anywhere you have payment details stored and if you can, enable any security options that will send an alert to your mobile and an alternative email address.

As mannyo says, the major brands will have patched long ago before this went public.

....and pray, please do tell just HOW exactly you are supposed to remember that without actually writing it down?


I've been told that there's software or programmes or something out there that can crack even that sort of password, so what's the actual point?

Well, I guess it's the same as why you lock the front door on the way out, even though you know that if someone wanted to get in the house, they could quite easily smash a window.....

 

At the end of the day, any password can be cracked, but you'll probably get "secret" cracked before "*2Hb4.pA" is


I've been told that there's software out there that can crack even that sort of password, so what's the point?

 

It's all about probability.

 

Yes, anything can be cracked given a bit of time, so what you want to do is make your passwords reasonably awkward to reduce the probability that anyone will bother.

So make your passwords of about 8 characters and add a symbol. A £ is a good option since it isn't on most keyboards and most hackers are actually pretty lazy. You need to defend yourself against the many poor hackers (script-kiddies).

 

You also try not to use the same password everywhere to reduce the scope of the damage if it does get out.

 

If a proper talented hacker wants to get you there isn't really much you can do about it. But you and me aren't really the targets of those guys.

 

Bruce Schneier has a free tool to let you store lots of passwords behind one big password. You just have to remember the bad-ass one, not the little ones.

 

https://www.schneier.com/passsafe.html


Whereas I and many others have used ebay/paypal and online banking for years and have never had a problem. Use good strong passwords and memorable information that's difficult to guess and you'll not have a problem.

I appreciate that, and it can be very convenient, but I'm also extremely untrusting of these massive institutions and therefore try and keep possible illegal activity to a bare minimum.

I don't even like telephone banking tbh, but that's near impossible not to do now.

 

I even hate giving my credit/debit card details out over the 'phone tbh, but that's essential now for telephone purchasing unfortunately....and Amazon, I mean, you have to enter your details on their site, and who knows who can leech that info out of there?

Edited by Mr Ree

http://nakedsecurity.sophos.com/2014/04/10/heartbleed-heartache-should-you-really-change-all-your-passwords-right-away/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

 

Reasonable article and some sensible advice.

 

i.e. don't change your passwords until you know the site is clean or you could just have your new passwords sniffed.


http://nakedsecurity.sophos.com/2014/04/10/heartbleed-heartache-should-you-really-change-all-your-passwords-right-away/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29

 

Reasonable article and some sensible advice.

 

i.e. don't change your passwords until you know the site is clean or you could just have your new passwords sniffed.

It's an absolute minefield out there, especially for I.T. total numb nuts like me. :blush:

 

I mean, I didn't even know what a 'patch' was until this morning!! :blush: :wall:

Edited by Mr Ree

This is an old un

 

password_strength.png

 

And actually not strictly true.

 

Passwords are basically finished these days. There isn't really much difference in difficulty from "Ban&n@3" and "3j*hr£44". Eight character passwords can be broken in less than an hour now.

 

 

This is the reason for the push to integrate things like Google Authenticator using one-time codes sent to your phone.

Two factor authentication should really be the norm for banks etc.

Edited by Aspman
