You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
IB Secure Device
- Thread starter IB Salvatore
- Start date
I can't tell if you are playing semantic games or are just ignorant of current buffer overflow techniques used by malware authors but I'll play along: yes, your are literally correct, at some point in the process an executable is involved since data does not execute but the infection is caused by the data.Quote from sprstpd:
I disagree. Show me one documented instance where a PDF, JPG, or DOC file by itself is the cause of a virus. Data files do not cause viruses. Executables do.
A carefully crafted PDF, JPG or whatever that exploits a vulnerability in an associated executable (Adobe Acrobat for instance) can lead to an infected system.
http://www.adobe.com/support/security/bulletins/apsb06-09.html
Malicious content inserted into a file, such as a document, could trigger a buffer overflow if the file is distilled to PDF with Adobe Acrobat. A buffer overflow can cause Acrobat to crash and can result in malicious code execution.
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Thinking that the only way you can get an email virus is if someone sends you (and you open) an .EXE or a .COM file hasn't been true in many many years.
Give that some thought the next time you open a Word or Excel attachment from some random ET poster.
Quote from GTS:
Thinking that the only way you can get an email virus is if someone sends you (and you open) an .EXE or a .COM file hasn't been true in many many years.
Theoretically true, although it is inherently more difficult for a hacker to find an exploit in a widely distributed application then it is for them to run their own executable. For example, the PDF bug was found by Adobe's own internal security team. Did a hacker actually infect PDF files to exploit this? Probably not.
Looking more closely on the topic, it looks like DOC files are the most easily susceptible to this kind of attack. I don't have much experience with Word.
As for JPG files, I guess it is all dependent on which viewer you use. Although I suppose there is chance that I could get a virus viewing a JPG file, in reality my chances are miniscule.
Quote from VOLARB:
IB's Secure Transaction Program doesn't seem to work for at least 2 hours now (02:37 EST). The "Challenge" is always "null", Account Management (for access to e.g. Daily Account Statements) therefore not accessible.
Does anybody else face the same problem ?
VOLARB
You guys are aware that IB shuts down for maintenance over the weekend, right? Comes back up after noon on Sunday?
OldTrader
Quote from GTS:
IMO If you are using your PC for anything other than trading then you should be running antivirus software. Especially if you read email from that same PC. You can get infected from non-executable attachments, PDF, JPG, DOC.
You don't need to read any email or visit any websites to get infected. Hackers are constantly scanning the internet for vulnerable systems.
Go read the log from your AV software, you will find records of blocked attempts everyday.
Linux is bit more secure, Windows is just an open invitation to be hacked.
That would be true if your system is directly connected to the internet which is a pretty uncommon and unwise thing to do these days.Quote from WD40:
You don't need to read any email or visit any websites to get infected. Hackers are constantly scanning the internet for vulnerable systems.
Go read the log from your AV software, you will find records of blocked attempts everyday.
Linux is bit more secure, Windows is just an open invitation to be hacked.
Even a basic $20 residential NAT router is going to keep internet probes from going anywhere (unless you explicitly configure it to forward them to your PC), if you are serious about security then you should invest in a decent hardware firewall, Cisco, Juniper, etc.
Connecting a machine directly to the internet and then relying on a software firewall isnt a good idea IMO.
So you dont think that are hackers out there exploiting vulnerabilities they've found and keeping it quiet rather than going public with it? No offense, but I really dont think you have a good handle of malware scene. Talk to some folks that do IT security for a living and then get back to me.Quote from sprstpd:
Theoretically true, although it is inherently more difficult for a hacker to find an exploit in a widely distributed application then it is for them to run their own executable. For example, the PDF bug was found by Adobe's own internal security team. Did a hacker actually infect PDF files to exploit this? Probably not.
You are correct that it is easier to create a viral exe then it is to exploit a buffer overflow however most people these days wont click on a random unsolicited exe they received by email which is why the hackers have moved on to buffer overflow attacks - because they work and most people are unaware they even are possible.
If a hacker targets a specific version of Acrobat and only 20% of the net population uses that version then the attack is still a success. Unless the hacker is targeting a specific person they don't care if high % are unaffected (wrong OS, wrong software version, etc) - it doesn't cost them anything. The machines that do get infected are theirs for the pillaging.
Many people just use the default OS image viewer.Quote from sprstpd:
As for JPG files, I guess it is all dependent on which viewer you use. Although I suppose there is chance that I could get a virus viewing a JPG file, in reality my chances are miniscule.
Not sure what you are advocating here by your statement that the odds of getting a virus by opening an attachments is low. Just to be clear, I'm not saying not to open any attachments, I'm giving the reason you need to have AV on your machine even if you don't engage in risky behavior.
Quote from max401:
In the US we don't include anything after the decimal point.
Hi funny guy,
IB is a US broker, they know how to do math, I was invited to get the secure device. After reading more comments I still think that most guys here are paranoid when it comes to security.
I believe that GTS is totally right, most people using the internet have no idea on what steps they can take in their hands to make their environment secure, so there is no surprise that most of you need 5 locks for your door instead of just a good one
Not criticizing anyone for having 5 locks, but do not assume that everyone should have the same just because you do.