Identity Theft

[redpoint5]

Today I'm configuring an EMR (electronic medical record) to fax. In 2023, we take a digital document, fax it to another hospital, and some miserable person takes that paper and scans it into their digital EMR. I feel that I'm facilitating this soul-draining madness.

[rmay635703]

Quote:

Originally Posted by freebeard

Ask me why I don't use credit cards or do business over Internet.

I no longer use plastic online unless I am forced to do so by a government agency.

Every time I do I get unwanted charges.

I went through what the op did in 2015/2016 and the card company wouldn’t remove the charges .

I use many passwords with a few different user names, low gain sites like this get my common username.

I would recommend to the op locking your credit (freeze) and notifying your card company.

My experience was that I could change my password and the damn *******s could still could get in like I didn’t have one.

Recommend taking smart devices off his network and throwing his cable modem/router in the dumpster as now days they make it purposely opaque where your connections are going thus difficult to know if/what device is compromised

[Piotrsko]

Problem is: which end leaked? I continue to suspect the recieving end. Cant see redpoint causing enough consternation or showing a huge amount of resources to cause a maninthemiddle attack to be worth any ones time.. probably is sloppy house keeping security.

Saying back in the day: can't steal what isn't there to steal.

Hardware aint opaque, just difficult for the unlearned. Good way to be as I hate when some people try to fix things which aren't broken and then I have to restore.

[rmay635703]

Quote:

Originally Posted by Piotrsko

Problem is: which end leaked? I continue to suspect the recieving end. Cant see redpoint causing enough consternation or showing a huge amount of resources to cause a maninthemiddle attack to be worth any ones time.. probably is sloppy house keeping security.

Saying back in the day: can't steal what isn't there to steal.

Hardware aint opaque, just difficult for the unlearned. Good way to be as I hate when some people try to fix things which aren't broken and then I have to restore.

My friend has a 15 year old cable modem/router and WiFi he rents, the company refuses to update it unless he pays for it, I told him that it’s time to apply a bit of 220vac to the wrong bits and tell them it failed. Old rented garbage like that is everywhere and is not very secure, a bit of malware can make a router into somebodies hub.

When I was on dialup I knew every incoming and outgoing connection realtime and could block anything or everything I wanted with a simple firewall.

I follow the can’t steal what isn’t there method on my end but sadly the other end is like a dripping sponge, I at least have plausible deniability since I don’t put any financials out into the wild.

That doesn’t seem to stop the steal as I seem to be in every data breach, back in ye olde times when I ran a small business it was stated in no uncertain terms that it was illegal to retain data past a validated payment, love how places I haven’t dealt with since high school still manage to leak my full identity, despite the practice being functionally illegal (even though nobody follows the law except small business)

[redpoint5]

I've probably had at least half a dozen notifications of a data breach from various banks or other institutions over the years. No doubt in some of those it included unencrypted username/password lists.

[Piotrsko]

You do know pre- pay only cards are available where there has to be a positive balance above the anticipated charge. I use one for my Sirius subscription. Let them steal that data as there's only $16.00 associated.

The cable TV modem is just a demux device, there's no real benefit to upgrading if it allows the channels you want to watch and no real up loading capabilities. Don't recall the old ones being able to share much data.

[JSH]

Quote:

Originally Posted by redpoint5

.

My question is what are some best practices to harden technology and reduce attack footprint?

Seems the old logic of 1 username and 2 passwords depending on importance is not good enough. I've enabled 2FA (two factor authentication) on the important stuff now.

2FA is good but comes in different levels of strength
Weakest is email 2FA. If someone reuses login info their is a good chance the hacker can also access the email account for the code

Text or phone 2FA is next. The weakness with that people can transfer your phone number relay to a service like google voice

Then comes printed codes. You apply for a list of codes - each one works once. It is pretty safe if printed out and kept physically. If you keep the codes in tje cloud that could be a vulnerability

Then come software tokens. Every time you log in you have to enter a one time code generated in an app or use a biometric verification. This is how my employer does security

Then comes a hardware token. It is basically a modern version of a physical key. To log in you must insert the key into the computer, phone, tablet, etc

Quote:

Originally Posted by freebeard

.

The problem with cards is that they expose the account with each transaction, where with Bitcoin only the transaction itself is exposed.

Not necessarily. Some cards allow you to generate a one time card number for every online transaction.

[redpoint5]

Took the stolen goods back to Walmart, but they couldn't accept it because my account is now cancelled, meaning they can no longer make transactions against it. Can't take the items because it would throw inventory off.

So, thieves purchased Smart Water, Naisonex, and Lysol that my CC is covering, and now I've got useless products I'm trying to give away. Stocking stuffers I guess.