Help!!!

[reaver000]

Sheesh!

The post was too long.

I,ll retype

[preep]

????????????????????????

[Leviatan]

come again?

[reaver000]

Sorry Guys,

It doesn't seem to want to post my post ,I thought there might be a character limit on it .

I guess not, any ideas why it will post this and not my other posts???

[reaver000]

OK I'll try again.

A couple of days ago My girlfriend received an email from a public spirted hacker that her Credit card details (name, address, etc) had been posted on Hackermail.com by some s**tbag lowlife. Before we had time to react over 5k had been stolen.

Now I really need to know how those MF's did it.

Any ideas??

Here are my system specs.

3 computers on a home network running Win2k with norton personal firewall on all three machines (at the time of the offence only on the ICS host ) ADSL
Norton antivirus 2002 on all three machines ( I now have the cleaner)
The network was using Netbios and TCP/IP, file and printer sharing with each machine on its own static IP address (for some reason I couldn't get it to work by obtaining the IP automatically)
I've now changed to IPX and TCP/IP with file and printer sharing after reading an article on this site (I wish I could get rid of file and printer sharing but its necessary and I still can't get the machines to obtain their IP's automatically).

Norton is/was configured to scan every week and found no viruses, although when I ran the cleaner the other day it found the Kazaa BDE, which Norton missed.

Could that be the cause of the breach?

I've been getting alot of activity from Norton Personal Firewall here's a taste

Date: 6/23/2002 Time: 2:22:25
Rule "Inbound UDP address: 0.0.0.0" blocked (xxx.xxx.xxx.xxx.xxx)Details:
Inbound TCP connection
Local address,service is (xxx.xxx.xxx.xxx.xxx)
Remote address,service is (xxx.xxx.xxx.xxx.xxx)

also this

Date: 6/22/2002 Time: 20:10:51
Inbound UDP packet blocked. Details:
Local address,service is (255.255.255.255,bootps(67))
Remote address,service is (0.0.0.0,bootpc(68))

I guess the one above is traffic on the network because I get it when I'm not online.
but I haven't got a clue what any of this stuff means could someone explain it.

For extra securty I'm looking at a proxy sever, I tried A4 proxy but it slowed surfing down to a crawl. Does anyone know if Anonymiser is any good?

I thought my system was pretty secure up until my partners details were stolen.I really don't know where they got the info from. We use the internet alot for purchases so they could have gotten it from any number of websites.

I had made a few purchases with my card a couple of days before the email and I've had no problems which leads me to believe its not my network that has been breached but a website.

But how likely is that?

Regardless of how it happened I'd like to make my system as secure as possible so any help and advice you guys can give will be greatly appreciated (and any good books you can recommend).

Thanks.

Nick.

[khakisrule]

Chances are they got it from a site. Or perhaps they stole it from her comp or from her waller in RL. Because I don't understand why your girlfriend's credit card number would even be on her computer, or how hackers would find it.

[reaver000]

My thoughts too.

Although I had thought about a keylogger, logging her keystrokes as she entered her details onto a website.

Or am I being TOO paranoid?

[Leviatan]

Could you be more specific, like did you girlfriend purchase stuff online?
e-bay/Amazone etc.

[reaver000]

Hi

Yes we both use Amazon, ebay, bidpay,paypal the lot .

Our details are floating around all over cyberspace.

We only use secure sites but something has obviously gone wrong somewhere.

[khakisrule]

Do you guys save your credit card numbers, names etc. to save time when buying something?