Computer Security - Re: Credit Card Numbers - vulnerable while you surf?

08-21-2003, 08:46 PM

[cross-posting to alt.computer.security. Apologies if this is not a good
practise]

A friend of mine has McAfee Guard Dog. One of its supposed features is to
monitor if any Websites are trying to grab your credit card information from
your computer. (I think you have to enter your credit card number(s) into
the Guard Dog application so it when it monitors outgoing data it can
recognize if a site is trying to pull your credit card numbers -- from
cookies perhaps, left behind from doing some online shopping at another
site?).

My friend says he notices that even when he's surfing supposedly
"mainstream" sites (such as a national television network for example), the
Guard Dog program pops up a warning that the site is trying to grab his
credit card info! (I'm highly skeptical that this is the case however, as I
know many people who have done online shopping at one time or another,
without Guard Dog installed, so if "credit card snooping" was happening as
often as the Guard Dog warnings on my friend's machine seems to suggest,
then most of my friends would've been hit with credit card fraud by now, but
they haven't).

I haven't noticed this particular feature in any other security software
products. And as far as I know, the Guard Dog product is no longer being
made. So, I have a few questions:

1) IF this is such a necessary feature then why isn't it widely available?!
Or is the Guard Dog feature completely worthless?

2) If you do a lot of online shopping then is it possible that your card
numbers are stored in cookies on your machine that other (malicious)
websites can potentially read?!?!

3) If credit card numbers are on a computer and are vulnerable to snooping
Websites then what's the *easiest* way to protect them? (Don't say "delete
all cookies" after each online shopping session; I'd find that to be a pain,
and besides many computer users wouldn't have a clue).

Thanks in advance!

Dougie Roberts

08-22-2003, 04:20 AM

On Gregorian calendar date Aug 21, 2003, Dougie Roberts posted 41 lines
in the digital dimension labeled: comp.security.
Attempting to communicate the following...

> [cross-posting to alt.computer.security. Apologies if this is not a
> good
> practise]

err.... ditto

> My friend says he notices that even when he's surfing supposedly
> "mainstream" sites (such as a national television network for example),
> the
> Guard Dog program pops up a warning that the site is trying to grab his
> credit card info!

It is probably talking about 'personal' info in general, likely trying to
get his name for an Amazon.com ad. If he ever shopped there, he has
their cookie(s) and they try to insert his name (ya, personalized ads,
great, eh?) into their ads on whatever page he is going to.
Tell him to remove his name from the confidential info that he wants
blocked and most, if not all, of the problems/alerts should disappear
(sp?).
--
Warning, this post contains some sarcasm.
The end.

----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

08-22-2003, 05:13 AM

"Peer Annoyed" <abused@127.0.0.1> wrote in message
news:3f458b66$1_2@127.0.0.1...
>
> "Dougie Roberts" <> wrote in message
news:wk91b.800159$. ca...
>
> > My friend says he notices that even when he's surfing supposedly
> > "mainstream" sites (such as a national television network for example),
> > the
> > Guard Dog program pops up a warning that the site is trying to grab his
> > credit card info!
>
> It is probably talking about 'personal' info in general, likely trying to
> get his name for an Amazon.com ad.

He sent me a screen capture. The exact Guard Dog warning is "Credit card
information is being sent to an unsecure Web site".

> If he ever shopped there, he has
> their cookie(s) and they try to insert his name (ya, personalized ads,
> great, eh?) into their ads on whatever page he is going to.
> Tell him to remove his name from the confidential info that he wants
> blocked and most, if not all, of the problems/alerts should disappear
> (sp?).

I'll recommend that he do that, thanks. (However, he's not the most
tech-savvy person around, I would still prefer if there was some security
program which could automatically clean person info from cookies. Guard Dog
only warns if personal info is being accessed, apparently it doesn't tell
you what cookie is being accessed much less give you the option of deleting
it).

Thanks again

08-22-2003, 07:48 AM

"Dougie Roberts" <> wrote in message
news:wk91b.800159$. ca...
> [cross-posting to alt.computer.security. Apologies if this is not a good
> practise]
>
> A friend of mine has McAfee Guard Dog. One of its supposed features is to
> monitor if any Websites are trying to grab your credit card information
from
> your computer. (I think you have to enter your credit card number(s) into
> the Guard Dog application so it when it monitors outgoing data it can
> recognize if a site is trying to pull your credit card numbers -- from
> cookies perhaps, left behind from doing some online shopping at another
> site?).

If I would be interested in credit card numbers, I would be writing a tool
to extract those numbers from McAfee Guard Dog right now, because that's a
sure place to find real credit card numbers. Just a thought...

> My friend says he notices that even when he's surfing supposedly
> "mainstream" sites (such as a national television network for example),
the
> Guard Dog program pops up a warning that the site is trying to grab his
> credit card info! (I'm highly skeptical that this is the case however, as
I
> know many people who have done online shopping at one time or another,
> without Guard Dog installed, so if "credit card snooping" was happening as
> often as the Guard Dog warnings on my friend's machine seems to suggest,
> then most of my friends would've been hit with credit card fraud by now,
but
> they haven't).

Maybe your friend should do the following test: put in a fake credit card
number in Guard Dog. If Guard Dog still keeps saying that somebody is
stealing his credit card number, then obviously there is something wrong
with the Guard Dog application and you can say that it is worthless.
However, if it doesn't complain any more, don't conclude yet that Guard Dog
is working correctly; there may be other reasons why it complains about
websites trying to steal credit card numbers without that being really the
case (see the other replies).

Filip

08-22-2003, 04:20 AM	#2
Peer Annoyed Posts: n/a	Re: Credit Card Numbers - vulnerable while you surf? On Gregorian calendar date Aug 21, 2003, Dougie Roberts posted 41 lines in the digital dimension labeled: comp.security. Attempting to communicate the following... > [cross-posting to alt.computer.security. Apologies if this is not a > good > practise] err.... ditto > My friend says he notices that even when he's surfing supposedly > "mainstream" sites (such as a national television network for example), > the > Guard Dog program pops up a warning that the site is trying to grab his > credit card info! It is probably talking about 'personal' info in general, likely trying to get his name for an Amazon.com ad. If he ever shopped there, he has their cookie(s) and they try to insert his name (ya, personalized ads, great, eh?) into their ads on whatever page he is going to. Tell him to remove his name from the confidential info that he wants blocked and most, if not all, of the problems/alerts should disappear (sp?). -- Warning, this post contains some sarcasm. The end. ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==---- http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

08-22-2003, 05:13 AM	#3
Dougie Roberts Posts: n/a	Re: Credit Card Numbers - vulnerable while you surf? "Peer Annoyed" <abused@127.0.0.1> wrote in message news:3f458b66$1_2@127.0.0.1... > > "Dougie Roberts" <> wrote in message news:wk91b.800159$. ca... > > > My friend says he notices that even when he's surfing supposedly > > "mainstream" sites (such as a national television network for example), > > the > > Guard Dog program pops up a warning that the site is trying to grab his > > credit card info! > > It is probably talking about 'personal' info in general, likely trying to > get his name for an Amazon.com ad. He sent me a screen capture. The exact Guard Dog warning is "Credit card information is being sent to an unsecure Web site". > If he ever shopped there, he has > their cookie(s) and they try to insert his name (ya, personalized ads, > great, eh?) into their ads on whatever page he is going to. > Tell him to remove his name from the confidential info that he wants > blocked and most, if not all, of the problems/alerts should disappear > (sp?). I'll recommend that he do that, thanks. (However, he's not the most tech-savvy person around, I would still prefer if there was some security program which could automatically clean person info from cookies. Guard Dog only warns if personal info is being accessed, apparently it doesn't tell you what cookie is being accessed much less give you the option of deleting it). Thanks again

08-22-2003, 07:48 AM	#4
Filip Posts: n/a	Re: Credit Card Numbers - vulnerable while you surf? "Dougie Roberts" <> wrote in message news:wk91b.800159$. ca... > [cross-posting to alt.computer.security. Apologies if this is not a good > practise] > > A friend of mine has McAfee Guard Dog. One of its supposed features is to > monitor if any Websites are trying to grab your credit card information from > your computer. (I think you have to enter your credit card number(s) into > the Guard Dog application so it when it monitors outgoing data it can > recognize if a site is trying to pull your credit card numbers -- from > cookies perhaps, left behind from doing some online shopping at another > site?). If I would be interested in credit card numbers, I would be writing a tool to extract those numbers from McAfee Guard Dog right now, because that's a sure place to find real credit card numbers. Just a thought... > My friend says he notices that even when he's surfing supposedly > "mainstream" sites (such as a national television network for example), the > Guard Dog program pops up a warning that the site is trying to grab his > credit card info! (I'm highly skeptical that this is the case however, as I > know many people who have done online shopping at one time or another, > without Guard Dog installed, so if "credit card snooping" was happening as > often as the Guard Dog warnings on my friend's machine seems to suggest, > then most of my friends would've been hit with credit card fraud by now, but > they haven't). Maybe your friend should do the following test: put in a fake credit card number in Guard Dog. If Guard Dog still keeps saying that somebody is stealing his credit card number, then obviously there is something wrong with the Guard Dog application and you can say that it is worthless. However, if it doesn't complain any more, don't conclude yet that Guard Dog is working correctly; there may be other reasons why it complains about websites trying to steal credit card numbers without that being really the case (see the other replies). Filip

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

08-21-2003, 08:46 PM	#1
	Re: Credit Card Numbers - vulnerable while you surf? [cross-posting to alt.computer.security. Apologies if this is not a good practise] A friend of mine has McAfee Guard Dog. One of its supposed features is to monitor if any Websites are trying to grab your credit card information from your computer. (I think you have to enter your credit card number(s) into the Guard Dog application so it when it monitors outgoing data it can recognize if a site is trying to pull your credit card numbers -- from cookies perhaps, left behind from doing some online shopping at another site?). My friend says he notices that even when he's surfing supposedly "mainstream" sites (such as a national television network for example), the Guard Dog program pops up a warning that the site is trying to grab his credit card info! (I'm highly skeptical that this is the case however, as I know many people who have done online shopping at one time or another, without Guard Dog installed, so if "credit card snooping" was happening as often as the Guard Dog warnings on my friend's machine seems to suggest, then most of my friends would've been hit with credit card fraud by now, but they haven't). I haven't noticed this particular feature in any other security software products. And as far as I know, the Guard Dog product is no longer being made. So, I have a few questions: 1) IF this is such a necessary feature then why isn't it widely available?! Or is the Guard Dog feature completely worthless? 2) If you do a lot of online shopping then is it possible that your card numbers are stored in cookies on your machine that other (malicious) websites can potentially read?!?! 3) If credit card numbers are on a computer and are vulnerable to snooping Websites then what's the easiest way to protect them? (Don't say "delete all cookies" after each online shopping session; I'd find that to be a pain, and besides many computer users wouldn't have a clue). Thanks in advance! Dougie Roberts