Posted by sue_pa on 8/7/08 1:53pm
Msg #259140

theft of credit cards / e-signings

...Sullivan said the alleged thieves weren't computer geniuses, just opportunists who used a technique called "wardriving," which involved cruising through different areas with a laptop and looking for accessible wireless Internet signals. Once they located a vulnerable network, they installed so-called "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks....

There was a lot more to it than this but this is what jumped out at me and made me think about e-signings. I've only completed one and we used the borrower's computer so for me this is not an issue. I also have no idea what this first paragraph 'really' says.

If you use your own laptop, can someone 'cruising through the area' capture what you're working on? If so and if a borrower's identity is stolen and they are able to prove it happened via your laptop, who can imagine that liability/mess we'd be in.

I'm probably not saying all this right because I just don't get cyberworld and the way it works but hopefully I've 'sort of' asked this in the right way.

Reply by jba/fl on 8/7/08 2:03pm
Msg #259142

Wardriving
From Wikipedia, the free encyclopedia
Jump to: navigation, search

A free public Wi-Fi access pointWardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer or PDA.

Software for wardriving is freely available on the Internet, notably NetStumbler for Windows, Kismet or SWScanner for Linux, FreeBSD, NetBSD, OpenBSD, and DragonFly BSD, and KisMac for Macintosh. There are also homebrew wardriving applications for handheld game consoles that support Wi-fi, such as sniff_jazzbox for the Nintendo DS, Road Dog for the Sony PSP and Stumbler for the iPhone.
__________
rest of the article online @ wikipedia; google 'wardriving'

Reply by BobbiCT on 8/7/08 2:34pm
Msg #259147

WiFi wire tapping ...

In the word of two computer geek / hacker friends, "Yes."

Remember when everyone used to listen to the neighbor's baby monitors? Not the same; but the a more sophisticated "evesdropping."

Reply by rengel/CA on 8/7/08 3:50pm
Msg #259153

That is why it is very important to have a secure network on your home network. I am very fortunate to be married to a complete geek who knows all of this stuff and knows how to protect our network.

Reply by Stamper_WI on 8/7/08 4:32pm
Msg #259165

Sue, I am in the same boat. What if you tap into someone elses network to perform the esigning. Obviously its not secure and there you are transmitting someone elses info. Wish you had asked this yesterday. A computer geek was here tweaking my network and securing it. The only way I knew mine was secure was to watch my daughter log onto it with her laptop and she needed a really long number from me to get in. Once she had it in the first time, her computer remebered it the next time.
Baffling

Reply by Rich/PA on 8/7/08 4:30pm
Msg #259163

Sue,

Also being from PA I have considered e-signings. I am approved from the state, but am on the fence as to e-notarization security and will need to make a decision very shortly as to if I will pursue this. History has shown that given enough time encryption can be (to use leet speak) hax0red.

Reply by MW/VA on 8/7/08 4:58pm
Msg #259170

Virginia has postponed e-notarizations for another year because of the security issues.
As far as e-signings are concerned, I have been told that the air-cards are encrypted for complete security. I've heard of the WiFi issues & people tapping free internet connections from mobile units. I've also heard of this kind of thing coming from wireless routers in densely populated areas (it is where I live). I decided quite some time ago that I won't take my main computer wireless for that reason.

Reply by Linda_H/FL on 8/7/08 5:03pm
Msg #259173

We're connected to a router - two desktops two laptops...our router is password-protected - they can detect a wireless signal is in range but without the password they can't tap into the signal - supposedly...

Had our laptops on vacation with us in May - we had internet in the hotel but needed their password to be able to access their service....they changed their password weekly for security purposes.

Reply by MikeC/NY on 8/7/08 5:30pm
Msg #259181

"We're connected to a router - two desktops two laptops...our router is password-protected - they can detect a wireless signal is in range but without the password they can't tap into the signal - supposedly..."

Depending on your router, you may be able to turn off the "beacon", which is the signal it sends out to identify itself. Unless they're really good, they can't find you if you're not there....

Reply by MikeC/NY on 8/7/08 5:20pm
Msg #259179

"If you use your own laptop, can someone 'cruising through the area' capture what you're working on? "

If you happen to be in the wrong place at the wrong time - yes. The chances of that happening are relatively slim, unless the hacker is really bored; they're usually focused on the big bucks. Still, using your computer on a public wireless network can be risky, even if you have a firewall installed.

You can (and should) secure your home network and your laptop - both are easy to do. All that does, however, is keep others out. The weakest link in the chain is the way the data is transmitted from point A to point B - it's often not encrypted, so a "sniffer" (which is sort of like a wire-tap) can read it the same way you're reading this: plain text. So if you send email or log onto a website that is not secure (there's no little padlock icon on the lower right-hand corner of the status bar), whatever you're sending is available for all the world to see if they want to.

As far as e-signings are concerned, you can have your computer and network locked up tighter than Fort Knox and you'll still be vulnerable - because the data going back and forth is not encrypted. I'm not sure whether hackers will figure out that this is a potential bonanza, but if they do the target will likely be the source of the original documents; they may know that a TC does this but not know where the signings are taking place, so they'll target the TC and sniff their traffic. The chances of some hacker stalking Joe Signing Agent are almost nil...

Whether you would have liability if a borrower's identity is stolen because of this is best answered by a lawyer. I think the liability lies with the company transmitting the data, but that's just personal opinion. Either way, you would probably get splashed with the mud because the borrower would likely sue everyone involved.

Reply by parkerc/ME on 8/7/08 5:49pm
Msg #259186

OMG....I'm SO glad Maine doesn't have e-signings yet!!! Maybe by the time we get it up here in the wilds, everything will be worked out with the WiFi security issue!

Reply by PAW on 8/7/08 9:15pm
Msg #259218

Access to the computers is NOT the issue

Wardriving to locate a signal and capture the signal is what they were doing. They don't need access to the computers. Once the signal is obtained, they capture the data being transmitted. Then decipher the data and voila, they have the information that was needed.

Data encoding, at least 64-bit but 128-bit is better, should be done, but there are so many networks that have super-weak encryption that it is easy to decipher the data obtained from the thin air.

Reply by Susan Fischer on 8/7/08 9:22pm
Msg #259221

Fabulous thread. Crikey. The Pentagon has been

hacked, among other national systems.

Esignings, imho, must be included in any effective regulatory accountability imposed on the lending industry.

Sue, you said it just fine - look at all the great comments.