LinuxQuestions.org
07-13-2011, 10:15 AM   #1
ksmatthews
Member
 
Registered: Aug 2008
Posts: 86

Rep: Reputation: 15
credit card hacked


Hi All,

I am pretty new to Linux security so here goes ...

Last year I was denied access to my internet banking since the bank claimed that my access credentials had been compromised and that something or someone else had tried to access it.

Last week I used my credit card successfully on ebay. That was July 3.

The following day I tried to use my credit card unsuccessfully and was told by the bank that it had been hacked into. I am waiting for the bank to issue another one.

Maybe I was attacked when using ebay ?

I am using Ubuntu 10.4 on a laptop. AppArmor is running and I am using a firewall called Firestarter - also up and running.

Where can I look on my linux box for clues ?
What steps can I take to shore up security on my Linux box ?

Frankly I am disappointed since I always assumed that Linux was very secure.

Steven Matthews
 
07-13-2011, 10:32 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2405
Hi,

How do you come to the conclusion that stolen/hacked/social-engineered/compromised credit card credentials are linked to linux not being secure?

Don't get me wrong, it's awful that this happened to you, but there are other, non-linux-related ways this could have happened. Please tell us some more details so we have a better understanding of what happened and why linux is pointed to.
 
07-13-2011, 11:29 AM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
I agree with druuna, this requires more information. I am also having a little trouble mentally connecting use of your credit card with being unable to access your internet banking. There is a world of difference between the two, especially when it comes to a compromise. Are they saying that someone made unauthorized purchases with your card or are they saying that someone tried (hopefully unsuccessfully) to log in to your online banking? If you are having problems with unauthorized access to your banking site, changing your card will likely do nothing to alleviate this problem and the best course of action would be a new username, coupled with a very strong password. You should also be aware of the authenticity of the web site certificate to be sure that you are in fact connecting to the site you believe you are connecting to. Violations here are commonly referred to as a MITM or Man In The Middle attack.

If the problem is unauthorized use of your card, it may or may not be related to the site, or rather SITES that you have visited. Sometimes you don't have to do anything wrong in order for this to happen. If this is happening, and assuming it was caused by the activity on ebay, this would be something for your bank to take up with ebay. My previous advice about verifying the authenticity of the site you are on comes into play here too.

In either regard, I doubt that you are facing a problem with a compromise of your PC. While still possible, the likelihood of a root kit or key logger that records your CC transactions would be quite remote, especially if you haven't been engaged in activity that would be considered 'stupid'. One defense against this sort of possibility is to use a Linux Live CD for your banking.
 
1 members found this post helpful.
07-13-2011, 12:06 PM   #4
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,674

Rep: Reputation: 2712
the flowers were nice, but...

DUDE: Operating systems do not use credit cards.

Your OS does not (or should not, unless you have done something very unwise) keep any credit card information at all. Even the evil empire of Gates does not do that.

You need to look elsewhere if you want to assign blame.
Come to think of it, you need to look at the REAL cause to prevent this from being a weekly event!

----
Someone I know at OFFICEMAX received a laptop from a client that was so proud that they had never suffered a virus infection, but wanted a professional to clean up the buildup on their PC because it was slow. It was slow because they had two rootkits, twenty-three viruses, one spyware shim, and a keylogger running in the background - hidden from them.
That may have nothing to do with your situation: just had to share.

Last edited by wpeckham; 07-13-2011 at 12:10 PM.
 
07-13-2011, 12:34 PM   #5
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
Quote:
Originally Posted by ksmatthews
Last year I was denied access to my internet banking since the bank claimed that my access credentials had been compromised and that something or someone else had tried to access it.

The following day I tried to use my credit card unsuccessfully and was told by the bank that it had been hacked into. I am waiting for the bank to issue another one.

It does not sound like YOUR COMPUTER was attacked.

The BANK was attacked. Someone was trying to brute force your account, so they deactivated it just in case. The credit card is either the same thing, or related to recent hack threats... so they decided to give you a new one.

LINUX is not the problem. Your BANK is.
 
07-14-2011, 07:36 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,671
Blog Entries: 4

Rep: Reputation: 3945
Quote:
Last year I was denied access to my internet banking since the bank claimed that my access credentials had been compromised and that something or someone else had tried to access it ...

And were you told by the same mechanism (e-mail) that you had just won the Nigerian lottery, or that someone had just leaked a secret chocolate-chip cookie recipe from Neiman-Marcus? Seriously, unless you can verify that the transaction is from your bank, don't.
  • Log on to the bank's own web site.
  • Don't "follow a link" in any e-mail to "conveniently" get there.
  • "If you are having trouble reading this message," don't "click here."
  • Treat any e-mail like a little bottle that's labeled, "Drink Me." (Did Alice go on a wonderful adventure, when she made that famous but very-less-than-wise decision, or did she really have an acid-trip? We'll never know.)

First of all, you are protected from actual financial loss as long as you report the incident immediately, or, as in this case, the bank does it for you.

Second, here are three ways that I buy things online:
  • PayPal: eBay bought 'em for a good reason. PayPal is the general-public arm of a very large "Automated ClearingHouse (ACH)" service, so they know what they're doing and they have the means to do it. One way that you can buy things is by using their escrow service, which turns the transaction into a "three-way commit," viz:
    1. You put the money in escrow at PayPal. The seller is informed that the money has been advanced but can't touch it yet.
    2. The seller ships the goods, knowing that the money's there. (The seller can also enter a parcel tracking number.)
    3. You receive the goods and then the money is released to the seller.
    (PayPal also offers other excellent services, such as a debit card that e-mails you immediately after a transaction has taken place.)
  • Debit cards at the grocery store: You see 'em right there by the checkout, and they work like debit cards but you have to load them with some money first. So, that's what you do. Only the money that you have put into that account can be taken out of it, and you can basically keep as many of those cards as you want. (A poor man's "three-way commit.")
  • Western Union: They run a tight ship. They offer financial services similar to the foregoing, and they can ship money to countries (like Norway, as I recall) that the US Postal Service, for whatever reason, can't access.
Basically, "businesses around the world don't futz around with paper invoices anymore, and this is what has replaced them."

Nope, this is not a marketing message. ... ... just "this works for me!"

Last edited by sundialsvcs; 07-14-2011 at 07:42 AM.
 
07-24-2011, 09:09 PM   #7
commoditytrainer
LQ Newbie
 
Registered: Dec 2010
Posts: 5

Rep: Reputation: 1
I find it difficult to believe the credit card was compromised because of a lack of Linux security. There are many ways, and more to the story, in which your credit card could have been compromised. The other thing about the credit card is that banks are not going to make reference to being hacked into; plus, if you are using a top good bank, anything fraudulent should have been taken care of by the bank. You get your money back and the bank issues you a new credit card. If you were actually on eBay's website, I find it hard to believe that too. There are many trying to pose on pseudo-eBay sites through emails, like the scammers do with PayPal. I hope this helps and kudos to the last post. Everything said is true. PayPal is the processor we use, and they are the best, although the most expensive.

Last edited by unSpawn; 07-25-2011 at 01:00 AM. Reason: //Removed commercial links from signature.
 
07-25-2011, 05:13 AM   #8
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Blog Entries: 31

Rep: Reputation: 1208
Quote:
Originally Posted by sundialsvcs
... they can ship money to countries (like Norway, as I recall) that the US Postal Service, for whatever reason, can't access.

Norway? Huh? Between Transylvania, Outer Mongolia and Erehwon?
 
07-25-2011, 08:52 AM   #9
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by ksmatthews
The following day I tried to use my credit card unsuccessfully and was told by the bank that it had been hacked into. I am waiting for the bank to issue another one.
...
Where can I look on my linux box for clues ?

I recommend getting on the phone with your bank and asking them to clarify the sequence of events (from their perspective). Were your login credentials used from a strange location / computer? And/or was your credit card used in a suspicious way?

I agree with several of the other posts. You need more information about the problem. Without that, you're wasting time trying to deduce how to fix it.

[ Side note: if you're willing to share, I would be curious to know who you bank with. ]
 
07-25-2011, 08:55 AM   #10
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by sundialsvcs
Treat any e-mail like a little bottle that's labeled, "Drink Me."

I'm ganking that analogy for future end-user training.
 
07-25-2011, 02:08 PM   #11
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Quote:
Originally Posted by sundialsvcs
Treat any e-mail like a little bottle that's labeled, "Drink Me."

I distrust potions in general, but bring me one from a reputable alchemist, release me from this bondage, and I will reward you.
 
  

