This is a discussion on on-line banking within the Linux Security forums, part of the System Security and Security Related category.

I had on-line banking with Bank of America, but I canceled the service after a peculiar thing happened. I use Slackware Linux 7.1 and Netscape 6.23. I was on line (57.6K dialup) two days ago when Netscape's Quality Feedback Agent Prompt suddenly replaced my browser window. I've had this happen a few times before, but what I saw this time alarmed me.

There is a field in the quality feedback form where I am to fill in the URL I was browsing when the error happened. (I'm assuming Netscape failed for some reason.) But the field was already filled in. This is OK. Netscape was just being helpful by letting me know what it thought I was doing. But it thought I had gone to www.bankofamerica.com. I had not gone there. I hadn't been to the on-line banking web site for weeks. So why did it crash and report that particular URL?

I'm really a newbie to security issues. Is it possible that I was being hacked or port scanned or messed with in some way? I don't believe that I'm running anything that would make me vulnerable except for being on-line through my ISP (A Plus Net, abac.com). (Does that make me vulnerable?)

I had a few files on my hard drive that contained bank account and transaction information. Were these visible to hackers? What's up? I don't understand this. If a hacker can gain entry into my computer, how is that possible and why would my computer cooperate? Am I not in control?

My guess is that somehow my hard drive was scanned or my on-line banking activity was detected. This I'm guessing led to someone trying to spoof an on-line banking session in my name, but it failed and Netscape's Quality Agent intervened. However, I'm guessing, because I know next to nothing about security. I'm hoping to get replies from knowledgeable people about this as well as from newbies like myself with similar concerns.

Finally, I'm suspecting that I need to learn some hacking skills myself in order to understand enough to be safe from hackers. Is this true? How do I begin?

-Joe

> I had not gone there. I hadn't been to the on-line banking
> web site for weeks. So why did it crash and report that
> particular URL?

netscape tends to remember filled in forms and the like for a LONG time if you do not disable it! maybe it just filled in values you yourself had entered some weeks ago.

> I'm really a newbie to security issues. Is it possible
> that I was being hacked or port scanned or messed with in
> some way? I don't believe that I'm running anything that
> would make me vulnerable except for being on-line through
> my ISP (A Plus Net, abac.com). (Does that make me
> vulnerable?)

hmm, ok, the basics it is *gg*: what makes your computer vulnerable is open ports/daemons. every network service that runs on your computer (sharing files, samba, NFS, webserver, webbrowser looking up an internet page) opens a port and connects to a peer somewhere on the net. you can run "netstat -l -n -p | grep -v unix" as root to see what listening services run on your computer, "nmap localhost" does a similar thing.

unless you have a firewall running anyone on the internet can TRY to connect to one of these listening services. they can only TRY, because these services are very likely password-protected or will not allow connections from the internet, but as any application can have faults, it is not a good idea to allow access to services that don't necessarily need to be accessed. once you put a firewall up, you can screen all those ports that nobody from outside should be able to connect to.

a port scan is nothing too bad and it happens all the time. so, if you want to freak out every time you're scanned, be my guest, but it's not worth your time! a port scan tries to find out which ports are open on your computer so that an attacker might then try to connect to the services behind those ports. once you have configured a firewall and disabled all unnecessary services port scans aren't even a nuisance...

i don't know if you've been hacked. it IS possible. but how do you suppose i should tell??

to prevent crackers from gaining access to your computer disable all services that aren't needed and keep all software actual (look at security news tickers to be informed about new security threats).

> I had a few files on my hard drive that contained bank
> account and transaction information. Were these visible to
> hackers? What's up? I don't understand this. If a hacker
> can gain entry into my computer, how is that possible and
> why would my computer cooperate? Am I not in control?

once a hacker has connected to one of your listening services he can take advantage of security flaws in the software and thus gain access to your computer in excess of what the service usually provides. for example somebody could connect to your webserver in a special way (buffer overflow, ...) and then have access to your computer with the privileges of the webserver (that is usually a user who isn't allowed much). then he can exploit another flaw in your OS (ptrace exploit, local root exploits, ...) to become root. and after that - as you might well know - he can do anything YOU can do yourself! it's not so much about your computer cooperating, but rather about every software having flaws which can then be exploited!

> My guess is that somehow my hard drive was scanned or my
> on-line banking activity was detected. This I'm guessing
> lead to someone trying to spoof an on-line banking session
> in my name, but it failed and Netscape's Quality Agent
> intervened.

i can't tell from your information, but if your hard drive was scanned this would already be very bad.

> Finally, I'm suspecting that I need to learn some hacking
> skills myself in order to understand enough to be safe from
> hackers. Is this true? How do I begin?

well, i gave you some hints in brackets what kinds of exploits there are. a good way to begin is to read security bulletins with new threats and try to understand what's going on and how to secure your server against it.

also at "www.cert.org" there's tons of good material about how to secure your machine, etc.

Johannes
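
The following is an added example, not part of Johannes's post or of any forum member's reply. It takes the "netstat -l -n -p" listing mentioned above and keeps only the listeners that are not bound to the loopback address, which are the ones a remote host can try to connect to when no firewall is in place. The function name, the sample listing and every PID and program name in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list listeners reachable from outside.

# Constructed sample of "netstat -l -n -p" output; all values are invented.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      530/cupsd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      301/portmap
tcp6       0      0 :::80                   :::*                    LISTEN      620/httpd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           301/portmap
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     1234     400/syslogd          /dev/log
EOF
}

# exposed_listeners (hypothetical helper): reads netstat output on stdin and
# prints "proto port program" for every TCP/UDP listener not bound to loopback.
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip headers and unix sockets
    {
        addr = $4
        n = match(addr, /:[0-9]+$/)        # position of the final ":port"
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        # Loopback-only services cannot be reached from another machine.
        if (host ~ /^127\./ || host == "::1") next
        # UDP rows have an empty State column, so the program starts earlier.
        start = ($1 ~ /^tcp/) ? 7 : 6
        prog = ""
        for (i = start; i <= NF; i++) prog = prog (prog == "" ? "" : " ") $i
        if (prog == "") prog = "-"
        print $1, port, prog
    }'
}

# Demo on the constructed sample. On a real host, run as root:
#   netstat -l -n -p | exposed_listeners
sample_netstat | exposed_listeners
```

Each line it prints is a service to either disable or screen with a firewall rule, as the post recommends.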