Not A Windows Server

yogi
Posts: 8189
Joined: 14 Feb 2015, 21:49

Not A Windows Server

Post by yogi »

This might sound as if I'm gloating, and perhaps I am just a little. :mrgreen:

We all know how popular and safe LINUX operating systems are, right?
Well, here is a case where "Hackers deploy Linux malware, web skimmer on eCommerce servers". This is particularly scary to me given that I use a Linux virtual box most of the time when I do my online shopping and financial transactions. The malware in this incident is embedded inside a banner image. Nearly impossible to detect until it's too late.
Kellemora
Posts: 5751
Joined: 16 Feb 2015, 17:54

Re: Not A Windows Server

Post by Kellemora »

Wow, interesting read.
But as you can see, because Linux is open source, it was spotted, and spotted again as it reloaded.
And of course, it came from the Alibaba servers, hi hi.

Actually almost any malware cannot be detected by anti-virus programs until it is installed in their libraries.
yogi

Re: Not A Windows Server

Post by yogi »

"Actually almost any malware cannot be detected by anti-virus programs until it is installed in their libraries."
That is true of the old-fashioned kind of AV software. They had a database with signatures (checksums) used to detect suspicious code. The virus had to do its dirty work first before they got the signature, and then distributing the database took some time as well. Some software still uses that technique, but most of the good stuff uses heuristics. That is to say the software looks for suspicious activity to identify the bad guys. This is done in real time but it can't catch everything. AI is becoming more and more sophisticated and I think that is what they will be using in future security suites.

The detection of the malware wasn't due to Linux being open source. In fact it could be argued that it was an easy target exactly for that reason. I don't know what banks do with their computers, but heuristics has to be part of it. I'm guessing that's how they uncovered the skimmer.
Kellemora

Re: Not A Windows Server

Post by Kellemora »

As far as banks go, you just can't upload anything. They give you a specific form to fill out, and everything must match perfectly, else no transaction takes place.
Now that they are allowing images of checks to be uploaded, I wonder if malware can be hidden in those images?
But I think the image only goes into a reader to extrapolate the amount and account number, so only those two pieces of information are fed to the account handling programs.

I'm not running any type of virus or malware software on my computer, even so, when I hit a couple of websites I got a warning that the website needs permission to write to a certain file, sometimes there is a list of files. I just say NO and leave the website. I don't think Windows gives you these types of warnings at all.
yogi

Re: Not A Windows Server

Post by yogi »

Those warnings you are getting about suspicious activity requests from websites are coming from your browser. I know Firefox is into it big and so is Google. Most browsers give you settings that allow you to determine how much warning you get in fact. Windows 11 has a bunch of protection built into the operating system. The standard antivirus application will check everything that is downloaded and warn you if it is suspicious. If it's a known virus it will quarantine it. While it's a highly rated system it is pretty much the old style based on known signatures and thus won't catch everything. In Windows 11 they added the heuristics I mentioned above which will stop any unusual program from running unless you override it. In other words if somebody sneaks past the AV checks and is trying to encrypt all your files, Windows 11 will shut down that process(es) and tell you about it. I'm undecided about all this because I never had a need for antivirus software in the past. Many of the reviews I've read claim Microsoft is up near the top as far as protection goes. That could be because I've not had a virus problem in many years.

My bank's website is a curious thing. They know when I'm using a different browser or computer and will send me security questions for 2FA. But I can see anything once I get past the gatekeeper, including canceled checks that made it through the clearing house. I can transfer funds between existing accounts, but an actual cash deposit must be made at the bank or one of its ATM machines. That is where the vulnerabilities reside. The quoted article tells us that the ATM software caught the problem, which was fortunate in that case. Not all banks have that kind of software installed.
Kellemora

Re: Not A Windows Server

Post by Kellemora »

I think it is great that ms is adding things to make using a computer more secure, and adding things to block unwanted folks, virus, and malware from getting in. But can they ever fix the ID-10-T errors? hi hi.

I can't even pay my utility bill on-line from a different computer without first going through their bank of questions.
But once I do, then I can use either computer. But they always e-mail me with a notice that my account was accessed from such and such a computer, if it is not the first one on my list they keep.
Or, an attempt to connect was made from, such n such a machine, if this was not you, change your password and contact us.

Speaking of ATMs, our new one allows you to make deposits, without a deposit slip too. If you have several checks to deposit, you have to do them one at a time, and wait for the receipt for each one, which shows a picture of both sides of the check.
Then when you are all done, it gives you a totaled deposit slip.
yogi

Re: Not A Windows Server

Post by yogi »

The bank I deal with did away with deposit slips many years ago, well before I moved down here to Missouri. It works very well almost all the time. If the check is an odd size or handwritten it will do the best it can to scan it but ask me to verify the deposit amount. The downside to that is that I must remember the exact amount down to the penny before I insert the check into the machine. It's been quite a while since I used an ATM here in O'Fallon. When I do I'll withdraw $100 cash and that will last me several months. Just about everything I do is on a credit card where I get cash back. We seldom have checks to deposit because most of the financial institutions we deal with will use direct deposit. Even the IRS gives me refunds that way.

I'm not sure of Microsoft's motivations, but they definitely are serious about security. I think part of it has to do with their involvement with government programs wherein Microsoft participates in going after botnets and shutting them down. The interesting thing about that activity is that most of those nefarious nets are Linux servers. For the time being the emphasis is on ransomware because it is lethal and has shut down some critical operations, not to mention extorted millions of dollars from panic-stricken victims. Thus Microsoft is doing a lot to counter the bad guys using ransomware as a weapon. I also just read an article about Google's next generation smartphone, the one with the microprocessor they are building in-house. It's not emphasizing performance as much as it is emphasizing machine learning and artificial intelligence. There are multiple applications for that kind of smarts, but killing ransomware before it gets installed is likely their main objective.
Kellemora

Re: Not A Windows Server

Post by Kellemora »

The old ATM, you had to use a Deposit Slip and put that plus the Checks into one of their Envelopes, then put it in the ATM slot, since they no longer had a wall slot drop box.
So that is how I tried to do the new ATM and it rejected it, said unreadable, hi hi.
So I took the Deposit Slip and three checks out of the envelope, removed the paper clip and fed those in.
It spit all of it back out again, then the screen finally showed a picture, check face up signature end first.
Why didn't it show that to me first?
I put the first check in and it asked if I had another check, I punched yes and fed that in.
Then it asked if I had another check, I punched yes and fed that in.
When it asked if I had another check, I punched no. Then on the screen it showed the amount of each scanned check, in a listing, plus the total of all, and asked if the total was correct. I hit Yes and it spit out a paper deposit receipt for that amount.

What I don't like about the new ATM is it only gives 50s and 20s. And I was used to punching in 300 bucks, so when I did that it just gave me 6 50s back. So now I just punch in 280 so at least I get 4 20s. I hate getting 50s.
The ATM before the last one gave back 10s and 20s, and only an occasional 50 if you punched in 300 bucks.
I really liked the ATM at the main branch because it made sense. No matter how much you punched in, it always gave 5 1s, 3 5s, 2 10s, and the rest 20s, unless you punched in 300, then you would get 2 50s. If you punched 280 you didn't get any 50s at all.
I guess so many folks punched the No Ones button, it quit giving out ones about a year ago. But you did get 4 5s, 2 10s, and the rest in 20s.
Another thing they did at the main bank for business customers, which I am. You could go up to the special teller near the vault and ask for a cash drawer of 250 or 500 dollars. They gave you a reusable corrugated plastic box the first time, and it had a specific amount of pennies, nickels, dimes, quarters, ones, fives, and tens. No 20s in the 250 drawer. The 500 dollar drawer only had like 5 20s in it and a lot of 5s and 10s. This was a handy service of which many retailers made use. I say that because next to the vault door, outside of the vault was always a fairly large stack of returned boxes waiting to be refilled and put into the vault.

I've heard that also, ms is making great strides at preventing ransomware attacks.
Probably won't take long for the hackers to find a way around it though, hi hi.

Some of the big companies like that Utility company that got hit hard with ransomware, found they got in through a laptop computer used in the outer office, they didn't hit the servers directly, got in through the request to turn someone's electric back on, because they came in and paid their past due bill and reconnection charge. It wasn't stated what kind of laptop or what OS it had on it.
yogi

Re: Not A Windows Server

Post by yogi »

It never occurred to me that the ATM network came in various flavors. I thought it was all one network, something like the Internet for business people. Then one day I discovered there is more than one network. I went to our local bank with a drive-in ATM and tried to do some transaction. It failed. That was very unusual to say the least, but there was a message saying the Bank's network was down and they could not promise when it would be back up. At that time the bank would add a surcharge to any ATM transaction that was outside their network which is how I knew which banks to avoid if I needed some fast cash. I went to one of those banks because I needed some ready cash, and my bank's network was down. It worked fine. That told me there is more than one network over which all the banks in town communicate. I never did figure out how this bank which was not part of my bank's system knew anything about my account. How did it know if there was enough money in it for me to withdraw the amount I wanted from the ATM. As it happens it gave me what I wanted, but did not post it to my bank account until a couple days later. Thus they were hoping I had funds to cover the withdrawal, but didn't really know. LOL

I typically never request more than $200. There are instructions on the ATM saying that I can only request amounts that are multiples of $20. That means all I ever get from the ATM is $20 bills. I'm happy with that. It would not matter to me if they gave me $100 bills either. It's legal tender and the stores have to take it as payment. I'm sure business accounts have different rules. I'd not know about those.
Kellemora

Re: Not A Windows Server

Post by Kellemora »

There are 17 ATM Networks in operation in the U.S. of A.
3rd Party ATMs often have a list of Networks they belong to or have access to posted on their machines.
I only know of about three that show they accept Regions cards and they each charge from 3 bucks up, the one at our local grocery store shows Regions fee $3 +2%, so I've never used it.

All of the machines in my banking system only let you take out in 20 dollar increments.
But as I said, the one at the main bank will give you 1s, 5s, 10s, and 20s, or used to, now no ones anymore.
If you request only 20 bucks, you get a 20 dollar bill. You have to select at least 100 dollars to get the smaller bills.
I'll have to check with my bank, but to use my Debit card at an ATM, even theirs, the only two amounts they are supposed to allow on my account are 280 or 300 dollars. Since I know it is set for those two amounts, I've never tried like 260 to see if it is still active or not.
yogi

Re: Not A Windows Server

Post by yogi »

The ATM card issued to me is a debit card plus a credit card. I didn't specifically ask for the credit card but there was some kind of special deal going on at the time which gave me both in a single card. There have been a few occasions when that came in handy, such as when we lost our main credit card and had to wait a few days for it to be replaced. I never conduct business transactions with the debit card other than the ATM machine. I have this paranoia about anybody but myself having access to my bank account. Plus those debit withdrawals have a tendency not to get recorded until I reconcile the account at the end of the month. That could be dangerous and is the reason why I have an overdraft protection plan with the bank.
Kellemora

Re: Not A Windows Server

Post by Kellemora »

I don't know if my Debit Card can be used as a Credit Card, never asked, never checked.
I have a Credit Card that pays me to use it and deposits the money into my savings account for me.
Besides, you have protection when using a Credit Card, not so with Debit Cards.
yogi

Re: Not A Windows Server

Post by yogi »

The price you pay for a debit card is instant disaster. If money is taken from your account via debit card, it's gone forever. A credit card is a third party between you and a merchant. That third party assumes liability for some losses, but the losses are never directly taken out of your bank account as is the case with a debit card. Plus, there is no dispute mechanism or arbitration when your bank account has been emptied by debit cards. You can try and find the offender and sue, but you will spend more than you had in your account doing that. The credit card people on the other hand will send their lawyer out after a bad guy if he has absconded with a certain amount or more. You can refuse to pay anything until they prove it's your fault, which it generally never is your fault.

I have more control over my debit card than I do over my credit card. When they put both on the same card it's just a bookkeeping entry. It's two separate accounts. I don't think it's an automatic feature on all debit cards. My bank has already told me I don't need to have the credit account tied to that card. It's an optional choice for me.
Kellemora

Re: Not A Windows Server

Post by Kellemora »

And that is why I rarely if ever use my Debit Card when I'm making a purchase.
I have used it to Pay my credit card bill a couple of times though, but that's about it.
yogi

Re: Not A Windows Server

Post by yogi »

The only real down side of using the debit card is that my wife will make purchases and not record them nor tell me about them. It's easy for the checking account to run dry that way. One insurance company is set up to directly debit my account and that's it. I am in control when I'm the one conducting the transaction. I don't like passing that kind of control onto others regardless of how legitimate their business is. I might not have as much control over the credit card, but it is more convenient and somewhat safer.