| Author | Thread |
|
|
01/04/2013 12:32:05 PM · #26 |
Originally posted by vawendy:
Is there a non-tweet option? I don't tweet... :( |
Your bluebirds do... |
|
|
|
01/04/2013 12:54:33 PM · #27 |
Originally posted by Bear_Music:
Originally posted by vawendy:
Is there a non-tweet option? I don't tweet... :( |
Your bluebirds do... |
yeah, but they're gone for the winter, and the squirrels definitely don't tweet! :)
|
|
|
|
01/04/2013 02:28:28 PM · #28 |
Like Cory, I do computer security for a living, and his post hit the nail on the head.
Lest you be overly worried about the security of your credit card online, nearly 90% of credit card theft in 2011 was from retail POS terminals (retail stores, restaurants, and gas stations mostly). Some of it was malicious employees with their own card readers, but most were insecure computers that got hacked somehow.
Regardless, the only pieces of advice I would give are...
...watch your credit card bills like a hawk. You're not responsible for fraudulent credit card charges if report them in a timely manner.
...consider using Paypal for purchases on small websites (like strobist). As much as everyone loves to hate Paypal, they do take security more seriously than a small website will.
...cover your hand when entering your pin on a pin pad. The thieves need a PIN number to use your debit card, so there's usually a camera set up somewhere to record the pin. |
|
|
|
01/04/2013 02:57:24 PM · #29 |
Originally posted by vawendy:
Originally posted by Bear_Music:
Originally posted by vawendy:
Is there a non-tweet option? I don't tweet... :( |
Your bluebirds do... |
yeah, but they're gone for the winter, and the squirrels definitely don't tweet! :) |
They would if you grabbed 'em by the nuts! (runs for shelter) |
|
|
|
01/04/2013 03:05:24 PM · #30 |
Originally posted by Bear_Music:
Originally posted by vawendy:
Originally posted by Bear_Music:
Originally posted by vawendy:
Is there a non-tweet option? I don't tweet... :( |
Your bluebirds do... |
yeah, but they're gone for the winter, and the squirrels definitely don't tweet! :) |
They would if you grabbed 'em by the nuts! (runs for shelter) |
:P
|
|
|
|
01/04/2013 03:08:36 PM · #31 |
Originally posted by Ann:
Like Cory, I do computer security for a living, and his post hit the nail on the head.
Lest you be overly worried about the security of your credit card online, nearly 90% of credit card theft in 2011 was from retail POS terminals (retail stores, restaurants, and gas stations mostly). Some of it was malicious employees with their own card readers, but most were insecure computers that got hacked somehow.
Regardless, the only pieces of advice I would give are...
...watch your credit card bills like a hawk. You're not responsible for fraudulent credit card charges if report them in a timely manner.
...consider using Paypal for purchases on small websites (like strobist). As much as everyone loves to hate Paypal, they do take security more seriously than a small website will.
...cover your hand when entering your pin on a pin pad. The thieves need a PIN number to use your debit card, so there's usually a camera set up somewhere to record the pin. |
So the site is saying it couldn't possibly be on their end because it is norton verified and https. I also would have thought that it was secure. They're saying that it's probably malware/virus, but it's a mac, and I bet it scans clean. The timing still leads me to believe it was because of this purchase, so I'm curious what the experts think. What's the likely hole?
|
|
|
|
01/04/2013 05:02:57 PM · #32 |
Originally posted by vawendy:
So the site is saying it couldn't possibly be on their end because it is norton verified and https. I also would have thought that it was secure. They're saying that it's probably malware/virus, but it's a mac, and I bet it scans clean. The timing still leads me to believe it was because of this purchase, so I'm curious what the experts think. What's the likely hole? |
I thought in your original post you said you followed a link from their site (strobist) to some other place where you made the original (supposedly) genuine purchase. THAT site would be where the fraud/ID theft occurred, not at strobist itself; I think they are only guilty of referring you to possible crooks ... I don't know what kind of background checks (if any) websites do when they accept ads with links ΓΆ€” I see disclaimers on sites all the time saying that they are not responsible for what happens when you follow a link to a site out of their direct control.
Message edited by author 2013-01-04 17:04:37. |
|
|
|
01/04/2013 05:13:15 PM · #33 |
Does the credit monitoring companies such as life lock work?
Message edited by author 2013-01-04 17:15:24. |
|
|
|
01/04/2013 06:00:05 PM · #34 |
Originally posted by GeneralE:
Originally posted by vawendy:
So the site is saying it couldn't possibly be on their end because it is norton verified and https. I also would have thought that it was secure. They're saying that it's probably malware/virus, but it's a mac, and I bet it scans clean. The timing still leads me to believe it was because of this purchase, so I'm curious what the experts think. What's the likely hole? |
I thought in your original post you said you followed a link from their site (strobist) to some other place where you made the original (supposedly) genuine purchase. THAT site would be where the fraud/ID theft occurred, not at strobist itself; I think they are only guilty of referring you to possible crooks ... I don't know what kind of background checks (if any) websites do when they accept ads with links ΓΆ€” I see disclaimers on sites all the time saying that they are not responsible for what happens when you follow a link to a site out of their direct control. |
I believe it's a valid site -- I just think that security broke down somewhere someplace. The company is fastspring. People might just want to watch out when placing purchases and watch their credit cards afterwards. I don't think that there was any bad intentions on anyone's part -- I think something just got hacked. So people might want to be careful for awhile.
|
|
|
|
01/04/2013 06:05:44 PM · #35 |
Originally posted by neenee1999:
Does the credit monitoring companies such as life lock work? |
Well, considering the owner has been compromised multiple times, it's my guess that would be a big-assed no.
Basically the only thing they're good for is separating scared folks from their money. ;) |
|
|
|
01/04/2013 07:02:02 PM · #36 |
| About the only thing you can do is try to get notified as soon as possibly after a potential threat. There are numerous notification services (I use Credit Notify) which emails me anytime there is a query of any sort on any of my accounts. This includes my SS#. It is not infallible (as hackers can change your email settings and intercept the notification), but it is something. |
|
|
|
01/04/2013 07:40:15 PM · #37 |
Originally posted by vawendy:
So the site is saying it couldn't possibly be on their end because it is norton verified and https. I also would have thought that it was secure. They're saying that it's probably malware/virus, but it's a mac, and I bet it scans clean. The timing still leads me to believe it was because of this purchase, so I'm curious what the experts think. What's the likely hole? |
It sounds like whoever responded to you doesn't know much about website security. You said that you were redirected to a 3rd party site where you paid. A couple things could have happened...
- The original (strobist) site could be hacked, and redirecting to a bogus payment site.
- Or, the payment site has been hacked.
Neither of these things would turn up in a "norton" scan, and https isn't going to be much help in either case.
Or, yes, your computer could have a problem, but if your computer has a problem, and you've made purchases with other cards, I would expect to get fraudulent activity on those cards, too. It doesn't matter that it's a Mac. Regardless of fanboy opinion, Mac's get malware, too. It's less likely, but still possible.
I personally wouldn't worry about it unless a something else gets compromised. Check your bills carefully every couple of weeks, report problems you find, and don't worry about it. |
|
|
|
01/04/2013 07:45:13 PM · #38 |
Originally posted by neenee1999:
Does the credit monitoring companies such as life lock work? |
For a single credit card breach, I wouldn't worry about credit monitoring. It's expensive, tends not to be all that useful, and you're already protected from fraudulent credit card charges.
Where something like credit monitoring can be useful is if you've had actual identity theft, where someone is opening new accounts in your name. That can be hell to clean up, and you'll want to stay on top of what's going on. |
|
|
|
01/04/2013 07:56:14 PM · #39 |
By the way....Something like 90% of website data breaches are discovered by an outside party. Credit card companies will follow up with the website operator and with law enforcement if they see a pattern of fraudulent activity coming from cards that were used on a specific site. So if the stobist site (or their payment processor) has actually been hacked, they'll be hearing from someone with more authority than you soon enough.
|
|
|
|
01/04/2013 08:03:18 PM · #40 |
Originally posted by Ann:
You said that you were redirected to a 3rd party site where you paid. A couple things could have happened...
- The original (strobist) site could be hacked, and redirecting to a bogus payment site.
- Or, the payment site has been hacked. |
The payment site Strobist uses is Fastspring, so if the breach occurred during the Strobist product purchase, it would be at fastspring. I'm not sure that it is feasible for anyone to track down where the breach was unless several or many of them occurred via fastspring. |
|
|
|
01/04/2013 08:04:50 PM · #41 |
Originally posted by Ann:
Originally posted by vawendy:
So the site is saying it couldn't possibly be on their end because it is norton verified and https. I also would have thought that it was secure. They're saying that it's probably malware/virus, but it's a mac, and I bet it scans clean. The timing still leads me to believe it was because of this purchase, so I'm curious what the experts think. What's the likely hole? |
It sounds like whoever responded to you doesn't know much about website security. You said that you were redirected to a 3rd party site where you paid. A couple things could have happened...
- The original (strobist) site could be hacked, and redirecting to a bogus payment site.
- Or, the payment site has been hacked.
Neither of these things would turn up in a "norton" scan, and https isn't going to be much help in either case.
Or, yes, your computer could have a problem, but if your computer has a problem, and you've made purchases with other cards, I would expect to get fraudulent activity on those cards, too. It doesn't matter that it's a Mac. Regardless of fanboy opinion, Mac's get malware, too. It's less likely, but still possible.
I personally wouldn't worry about it unless a something else gets compromised. Check your bills carefully every couple of weeks, report problems you find, and don't worry about it. |
I wasn't worried -- I was more curious at this point. Because I also thought that if it was the mac we would have had other problems, as well. We've purchased a lot with our own cards this holiday season without any difficulties. It was just this one purchase with my mother-in-law's card at this particular site that was the problem. And if it was the strobist site that was hacked, I wouldn't have thought that I would have received the download that I purchased, because that was after I had been transferred to the new site. So it seemed like it had to have been the payment site that had the hole. But I wasn't sure if there was something I was missing -- so it was curiosity at this point. So I thought I'd continue trying to track it down.
Well... that and irritation at fastspring for claiming that they have never had a credit card stolen from them and it couldn't possibly have been their site that was the problem. I reported it because I thought they'd like to know that there might have been a problem with their site. I just wanted a "thanks, we don't think so, but we'll look into it. We appreciate you passing on the information." So much for that.
Message edited by author 2013-01-04 20:06:58.
|
|
|
|
01/04/2013 08:09:28 PM · #42 |
Originally posted by Art Roflmao:
Originally posted by Ann:
You said that you were redirected to a 3rd party site where you paid. A couple things could have happened...
- The original (strobist) site could be hacked, and redirecting to a bogus payment site.
- Or, the payment site has been hacked. |
The payment site Strobist uses is Fastspring, so if the breach occurred during the Strobist product purchase, it would be at fastspring. I'm not sure that it is feasible for anyone to track down where the breach was unless several or many of them occurred via fastspring. |
Yeah, given that Wendy says she got the product, I'd say that fastspring has been hacked, and they either don't know it yet, or aren't admitting it to anyone. |
|
|
|
01/04/2013 08:11:35 PM · #43 |
Originally posted by Ann:
Originally posted by Art Roflmao:
Originally posted by Ann:
You said that you were redirected to a 3rd party site where you paid. A couple things could have happened...
- The original (strobist) site could be hacked, and redirecting to a bogus payment site.
- Or, the payment site has been hacked. |
The payment site Strobist uses is Fastspring, so if the breach occurred during the Strobist product purchase, it would be at fastspring. I'm not sure that it is feasible for anyone to track down where the breach was unless several or many of them occurred via fastspring. |
Yeah, given that Wendy says she got the product, I'd say that fastspring has been hacked, and they either don't know it yet, or aren't admitting it to anyone. |
Or it had nothing at all to do with the strobist purchase - still a possibility. |
|
|
|
01/04/2013 08:20:10 PM · #44 |
Originally posted by Art Roflmao:
Originally posted by Ann:
Originally posted by Art Roflmao:
Originally posted by Ann:
You said that you were redirected to a 3rd party site where you paid. A couple things could have happened...
- The original (strobist) site could be hacked, and redirecting to a bogus payment site.
- Or, the payment site has been hacked. |
The payment site Strobist uses is Fastspring, so if the breach occurred during the Strobist product purchase, it would be at fastspring. I'm not sure that it is feasible for anyone to track down where the breach was unless several or many of them occurred via fastspring. |
Yeah, given that Wendy says she got the product, I'd say that fastspring has been hacked, and they either don't know it yet, or aren't admitting it to anyone. |
Or it had nothing at all to do with the strobist purchase - still a possibility. |
Yup -- that's what I'm wondering -- but it's looking less and less and less likely. We'll scan the mac this weekend. But I can't see this happening from a purchase she made online a month before or a transaction a couple of weeks before. The timing is too coincidental. But we'll never know for sure.
|
|
Home -
Challenges -
Community -
League -
Photos -
Cameras -
Lenses -
Learn -
Help -
Terms of Use -
Privacy -
Top ^
DPChallenge, and website content and design, Copyright © 2001-2025 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.
Current Server Time: 08/12/2025 08:11:23 AM EDT.
