Did I just give some hacker access to my bank account?
January 5, 2006 9:47 AM Subscribe
As a poor college student I've never been afraid to get my software from slightly illegal sources, but now I may have done something stupid.
I downloaded a copy of Microsoft Money 2006 from a bittorrent site. The same site that I got my copies of... well everything. Now I've been a trusting person mostly because I've never got a program with a virus in it and also my data isn't that valuable to me. But with Money I entered all my bank account information into it. Was this a mistake? What do you think the odds are that someone could have altered the program to steal all my information/money?
I downloaded a copy of Microsoft Money 2006 from a bittorrent site. The same site that I got my copies of... well everything. Now I've been a trusting person mostly because I've never got a program with a virus in it and also my data isn't that valuable to me. But with Money I entered all my bank account information into it. Was this a mistake? What do you think the odds are that someone could have altered the program to steal all my information/money?
It's possible, but yeah, too much trouble to be very likely.
If the program seems unusually unstable (for a Windows application, that is) that might be a sign it had been tampered with.
posted by jjg at 9:55 AM on January 5, 2006
If the program seems unusually unstable (for a Windows application, that is) that might be a sign it had been tampered with.
posted by jjg at 9:55 AM on January 5, 2006
A software firewall could tell you if the program is "phoning home" in suspicious ways. There are lots of free ones. I mean really free that you don't even have to pirate. Look amongst these threads for recommendations.
posted by TimeFactor at 10:02 AM on January 5, 2006
posted by TimeFactor at 10:02 AM on January 5, 2006
You could grab the 90 day deluxe trial version directly from Microsoft, I believe it's the full version, just crippled with a trial key. That might help you find any differences.
On a related note, if you work the rebates right you can pickup Money 2006 deluxe for about $10 online. (read the rebate offers half way down)
posted by blue_beetle at 10:04 AM on January 5, 2006
On a related note, if you work the rebates right you can pickup Money 2006 deluxe for about $10 online. (read the rebate offers half way down)
posted by blue_beetle at 10:04 AM on January 5, 2006
And of course Windows XP has a firewall built-in (I'm on 2K) so you may not even need to download anything.
posted by TimeFactor at 10:04 AM on January 5, 2006
posted by TimeFactor at 10:04 AM on January 5, 2006
There are many other ways to get peoples' bank account information that would be much easier to implement.
I could see someone unscrupulous packaging a pirated copy of Money with a phishing setup "wizard" which prompts for the user's sensitive information, maybe. But if you entered the stuff directly into Money, and everything looked fine, then you're fine.
posted by DrJohnEvans at 10:05 AM on January 5, 2006
I could see someone unscrupulous packaging a pirated copy of Money with a phishing setup "wizard" which prompts for the user's sensitive information, maybe. But if you entered the stuff directly into Money, and everything looked fine, then you're fine.
posted by DrJohnEvans at 10:05 AM on January 5, 2006
As the others have said, theoretically possible, practically, not so much. It'd be a huge pain in the ass, and other, easier techniques would probably gain more accounts.
But I'd second a firewall -- turn off all outbound access for MS Money. Your firewall should then alert you of every attempt to access the internet. If it only ever phones home to Microsoft, and maybe some bank servers you tell it to, you're fine. If it attempts to connect to warez.cz or i.pwn.your.bank.pl, well then you should shred the program and wipe the hard drive.
On the Mac, the firewall I'd use is Little Snitch. Not sure what the Windows equivalent would be, but it's out there.
posted by teece at 10:10 AM on January 5, 2006
But I'd second a firewall -- turn off all outbound access for MS Money. Your firewall should then alert you of every attempt to access the internet. If it only ever phones home to Microsoft, and maybe some bank servers you tell it to, you're fine. If it attempts to connect to warez.cz or i.pwn.your.bank.pl, well then you should shred the program and wipe the hard drive.
On the Mac, the firewall I'd use is Little Snitch. Not sure what the Windows equivalent would be, but it's out there.
posted by teece at 10:10 AM on January 5, 2006
Best answer: I'd be more worried about admitting to software piracy on a site where you have your e-mail address and URL! But yeah, you need to have a tight firewall, etc.
posted by wackybrit at 10:17 AM on January 5, 2006
posted by wackybrit at 10:17 AM on January 5, 2006
I concur with jon_kil, though he doesn't elaborate on what I think is the the most salient point - arduous task or simple task, the technically-inclined criminal would have much better luck with phishing techniques and reach a much larger audience. Spending time to mod software that a few thousand people will download (since pirated copies of money presumably have less wide appeal than video of Paris Hilton blowing someone) is a poor investment, particularly when you consider how few of those people who would steal MS Money have money worth taking or identities worth stealing.
posted by phearlez at 11:01 AM on January 5, 2006
posted by phearlez at 11:01 AM on January 5, 2006
Why even use Microsoft money? What about gnucash. I don't know if it does the bank account stuff, though.
posted by delmoi at 11:08 AM on January 5, 2006
posted by delmoi at 11:08 AM on January 5, 2006
And of course Windows XP has a firewall built-in (I'm on 2K) so you may not even need to download anything.
The Microsoft built-in firewall doesn't block egress ports, only ingress, so it's no use at checking/stopping software from 'phoning home.
posted by benzo8 at 11:55 AM on January 5, 2006
The Microsoft built-in firewall doesn't block egress ports, only ingress, so it's no use at checking/stopping software from 'phoning home.
posted by benzo8 at 11:55 AM on January 5, 2006
The Microsoft built-in firewall doesn't block egress ports, only ingress
Thanks. I didn't know that. The only reason I'd use a software firewall (as opposed to a firewalling router or the like) is to monitor outbound traffic at the application level (i.e. "phoning home") so that makes the XP one useless for me (and the asker as well, of course).
posted by TimeFactor at 12:12 PM on January 5, 2006
Thanks. I didn't know that. The only reason I'd use a software firewall (as opposed to a firewalling router or the like) is to monitor outbound traffic at the application level (i.e. "phoning home") so that makes the XP one useless for me (and the asker as well, of course).
posted by TimeFactor at 12:12 PM on January 5, 2006
Either the builtin firewall, or something that comes with my dell, bitches at me every time a new app tries to get out of my computer to the internet at large, and I have to approve it. I don't use windows much so I never really tried to figure out what it is. There is probably a database of standard apps that it doesn't complain about, but it probably checks the exe itself, because I have to verify programs that I build myself every time I rebuild them.
posted by RustyBrooks at 12:24 PM on January 5, 2006
posted by RustyBrooks at 12:24 PM on January 5, 2006
If it only ever phones home to Microsoft . . . you're fine.
ya think?
posted by realcountrymusic at 12:25 PM on January 5, 2006
ya think?
posted by realcountrymusic at 12:25 PM on January 5, 2006
realcountrymusic: from the (potential) cracker of the MS Money software, yes. From MS sending the BSA or the FBI out to his dorm? Theoretically, no, practically, yes.
posted by teece at 12:29 PM on January 5, 2006
posted by teece at 12:29 PM on January 5, 2006
I doubt you'd have to crack money at all. just setup a bat file or other small binary with MS Money's icon that launches a keylogger and MS Money. Probably be fairly easy to do, were one so nefariously inclined.
posted by roue at 1:47 PM on January 5, 2006
posted by roue at 1:47 PM on January 5, 2006
Gnucash
OFX Import
GnuCash is the first free software application to support the Open Financial Exchange protocol that many banks and financial services are starting to use.
HBCI Support
GnuCash is the first free software application to support the German Home Banking Computer Information protocol, allowing German users to perform statement download and initiate bank transfers and direct debits.
GnuCash also imports quicken data.
As soon as GnuCash will talk to my credit union, I'm dumping windows completely.
posted by craniac at 7:11 PM on January 5, 2006
OFX Import
GnuCash is the first free software application to support the Open Financial Exchange protocol that many banks and financial services are starting to use.
HBCI Support
GnuCash is the first free software application to support the German Home Banking Computer Information protocol, allowing German users to perform statement download and initiate bank transfers and direct debits.
GnuCash also imports quicken data.
As soon as GnuCash will talk to my credit union, I'm dumping windows completely.
posted by craniac at 7:11 PM on January 5, 2006
« Older Software that speaks my appointments for the day? | Is there a term for overestimating the importance... Newer »
This thread is closed to new comments.
If you were really worried, you could do a binary diff on an authentic version of the application and its dlls. Same version, though.
posted by jon_kill at 9:50 AM on January 5, 2006