#91175 by terryh
Tue Dec 27, 2011 9:09 am
I'm asking because I've had 2 credit card numbers stolen and used in the last week. These are cards I've owned and used for online purchases for decades. In the 35 years I've carried credit cards, this is a first. Maybe I was overdue if you look at statistics.

For now I've cancelled all my cards and applied a fraud alert at the credit bureaus. It's more than a little unsettling that someone is using my name, address, and cc info to buy stuff. The mere fact they have used 2 different cards makes it hard for me to understand where exactly my info leaked. I'm not accusing anyone or Ooma, just seeking thoughts and info.

I know the usual stuff. Fake scanners at gas stations, waiters taking your card, molesting the snail mail, spyware, etc., but I am aware and we shred everything. I am meticulous about my computers, but who really knows how secure they are today? The crooks are way ahead of the cops so to speak.

Ooma is relatively new to me, about one year, and I was wondering about security and privacy. Who hasn't keystroked the 16 digits from their card and read off the 3 numbers on the back into their phone at some point? There could be 10-20 hops from point to point with no encryption along the way. We always make sure the website is encrypted for privacy, but what about Ooma or VoIP in general? Are we more susceptible to theft of information?
Last edited by terryh on Tue Dec 27, 2011 11:44 am, edited 1 time in total.
#91180 by harry12
Tue Dec 27, 2011 10:41 am
Wifey had two responses this past month, from two different CC fraud teams. ( She prefers
to have her own credit cards. ) Someone got lucky or maybe there is a crook on the loose!

We both shop the internet and bank electronically and this is a first for her. My personal
opinion: the crooks are getting smarter, luckier or buying more powerful computers.
Not trying to be smug but I'm one of THOSE guys. I do regular incremental backups and change
my passwords at the new year. Using a password manager makes that changing quite easy.

One of my MDs used to use patients' Social Security numbers as account numbers! I would
complain every chance I could and the system was finally changed. Perhaps the mentioning
of "lawyers" in those complaints had an effect? BTW, did you see the news item about the
security think tank that was hacked? :shock:
Last edited by harry12 on Tue Dec 27, 2011 10:49 am, edited 1 time in total.
#91181 by thunderbird
Tue Dec 27, 2011 10:48 am
terryh:
Sorry to hear about your credit card misfortune.

Lately some company databases that contain credit card information have been hacked. That's what happened to one of my neighbors. They had a terrible time getting things back to normal, or what can be called normal, because one credit card was hacked twice. After the first time, the credit card company promised that everything was secure, but a couple of months later, the same card was hacked again. It didn't cost the neighbors any money. But it's the time and stress that got to them.

Good Luck! :)
Last edited by thunderbird on Tue Dec 27, 2011 11:59 pm, edited 1 time in total.
#91184 by Leeway
Tue Dec 27, 2011 12:12 pm
I am a backup person also, Harry12, having learned my lessons years ago working with mainframes.

I wouldn't point a finger at Ooma or any one thing you do on the web. You are correct in thinking the thieves are getting smarter at things.

Here's one that shocked me last week: I went Christmas shopping and at the checkout I was chatting with the checkout man because the police were just a few feet away arresting someone. I made a remark on how hard it must be for stores to protect their wares.

In turn, he told me that he recently had checked out a woman who bought a designer purse that was $179.00 and shortly after that his boss told him to close his register and take over the return counter. He said a man came in with a bag and wanted to return the goods for a refund. He pulled the same exact purse out of the bag and looked at the receipt which told him that was the same purse he had checked out for the lady a short time before.

He delayed the fella and pushed some button to get assistance. It turned out that the man watched the woman, followed her to her vehicle where she put the package with the purse and went into another store. He broke the window of her car and stole the purse she had just purchased to return it for cash.

Just about the time you thought you'd heard it all??

I don't think anything is failsafe anymore . . . anywhere !! In any case, I'm glad you got your cc cards stopped and I hope for no problems for you.

Donna
#91189 by terryh
Tue Dec 27, 2011 1:19 pm
lbmofo wrote: terryh, I think Ooma is more secure than traditional landline. Voice traffic is going through the internet but via encrypted VPN tunnel etc. viewtopic.php?t=11319#p78967

Thanks! Funny that I had found that JHU report since I had posted a couple hours ago. It says some VoIP encryption is outdated and easily decoded in those instances. To be honest technical mumbo jumbo like that can make my eyes close accompanied by snoring sounds. :)

I can't speak for the validity or if Ooma has updated encryption, but it does speak that there could be issues for privacy. What was great encryption only a few years ago, is probably easy reading for current hackers with new technologies.

We just all need to be aware of those lurking to steal our cyber-privacy.

Have a Great New Year!
#91192 by Dennis P
Tue Dec 27, 2011 3:52 pm
terryh wrote: Thanks! Funny that I had found that JHU report since I had posted a couple hours ago. It says some VoIP encryption is outdated and easily decoded in those instances. To be honest technical mumbo jumbo like that can make my eyes close accompanied by snoring sounds. :)

I wouldn't characterize the JHU paper as saying that VOIP encryption is "easily decoded". It sounds like they have discovered a means of inferring whether a particular phrase is mentioned during a conversation or not. While this can be useful for certain scenarios that's not the same as being able to decode the stream and listening to the whole thing as if it was completely unencrypted. Also, the technique only works on variable bit-rate codecs. Most residential VoIP phone services (including Ooma) use fixed-rate codecs, although we are the only ones to encrypt audio streams that we know of.
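
An added illustration of the variable-rate versus fixed-rate point in the post above (not part of the original thread and not Ooma's code): a length-preserving cipher hides frame contents but not frame sizes. The frame sizes, both phrases, and the SHA-256 keystream standing in for a real stream cipher are all constructed assumptions; the padding function goes beyond the post to show one general way to flatten sizes.

```python
import hashlib
import os

# Constructed frame sizes in bytes for a toy variable-bit-rate codec (assumption).
VBR_SIZES = {"silence": 6, "plosive": 15, "fricative": 22, "vowel": 38}
CBR_SIZE = 20  # toy fixed-rate codec: every frame is the same size

# Two constructed utterances, described only by per-frame sound class.
PHRASE_A = ["silence", "plosive", "vowel", "fricative", "vowel", "silence"]
PHRASE_B = ["silence", "fricative", "vowel", "vowel", "plosive", "silence"]


def encode(sound_classes, vbr):
    """Toy codec: random frame contents, size chosen by the codec type."""
    return [os.urandom(VBR_SIZES[s] if vbr else CBR_SIZE) for s in sound_classes]


def encrypt_frame(key, index, frame):
    """Length-preserving stream encryption (toy SHA-256 counter keystream)."""
    stream = b""
    block = 0
    while len(stream) < len(frame):
        seed = key + index.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(frame, stream))


def observed_lengths(sound_classes, vbr):
    """Packet payload sizes visible on the wire to someone without the key."""
    key = os.urandom(16)
    frames = encode(sound_classes, vbr)
    return [len(encrypt_frame(key, i, f)) for i, f in enumerate(frames)]


def pad_to_bucket(lengths, bucket):
    """Sizes an observer sees if each frame is padded up to a multiple of bucket."""
    return [-(-n // bucket) * bucket for n in lengths]


if __name__ == "__main__":
    print("VBR A:", observed_lengths(PHRASE_A, vbr=True))
    print("VBR B:", observed_lengths(PHRASE_B, vbr=True))
    print("CBR A:", observed_lengths(PHRASE_A, vbr=False))
    print("CBR B:", observed_lengths(PHRASE_B, vbr=False))
    print("VBR A padded:", pad_to_bucket(observed_lengths(PHRASE_A, vbr=True), 40))
```

With the variable-rate codec the two phrases produce different size sequences even though every byte is encrypted; with the fixed-rate codec, or with padding, the sequences are identical.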
#91200 by Davesworld
Tue Dec 27, 2011 11:57 pm
lbmofo wrote: terryh, I think Ooma is more secure than traditional landline. Voice traffic is going through the internet but via encrypted VPN tunnel etc. viewtopic.php?t=11319#p78967

Not true. The SIP signaling is going through VPN but the RTP packets that carry your voice are not VPN, they are however secure RTP. It's nice that you have a warm and fuzzy about the call setup and teardown being over VPN though so the number you dial is within VPN and when you hang up that is VPN too :D . The other issue on this is that 99% of your calls are going over the PSTN anyway and are no more secure than the PSTN itself. For this reason locking VOIP down is a moot point since the link between you and the provider's proxy is not where anyone would bother trying to intercept you. RTP packets never go over the same ports each time. It would not be worth anyone's trouble to even attempt it. The chances of them succeeding at the exact time you give a number over the phone is about as likely as getting hit by lightning three times. An Ooma to Ooma call might be more secure but still, not Military grade secure line. The best benefit for having SIP signaling in VPN is to prevent VOIP fraud if your device is outside the firewall/router as some still do. Were it not VPN, not secure and not behind a firewall, the worst anyone would do is to make unauthorized calls on your account. Credit Card fraud is the least likely outcome of such a scenario.

The most important thing of all is that credit card compromises these days seldom have anything to do with any phone conversation you gave the number over nor any place you purchased anything, this is done by software programs that try millions of number combos in a short time and usually try an arbitrary charge which I presume is a fake charge. I had one compromised a few months back and so did many others in my work area because our credit cards started with similar number groups. The software used tried a 600 dollar plane ticket for Qantas and a hotel reservation for 100 dollars. One of my co-workers had a similar thing only it was a different airline and a different hotel but the amounts were the same. There is no way in hell 600 dollars would buy a Qantas ticket nor 100 dollars buy a room at a 5 star hotel so it was likely not done from the Airline's charge system nor the hotel chain, just named as such. You can best bet if the fraud protection software didn't catch it and the charges went through, none of the 700 dollars would have gone to either of the companies they were trying to mimic.

The resolution was pretty basic, the card was canceled immediately and I was issued a new one within a week. If this happens to you, do NOT assume it was when you bought something at Wendy's last night, the last places you purchased something likely did not do it. Had they done so, they would likely have succeeded and not tripped the fraud detection software program. I found that MasterCard even with a debit card is very good about reimbursing you. I once got double dipped by a Travel agency's clerical error that shot my account well into the negative. I was charged 1900 dollars twice rather than once. MasterCard gave me emergency money to cover the loss within a few days. Interestingly the Airline itself caught the error quickly and gave their portion back to my account quickly, the travel agency fee I don't know if it was ever recovered. MasterCard only took back the airline's refunded portion. The travel agency fee was a small amount of it even though charged twice. I did not come up a dime short in the end which is the most important point of this RedLine High Energy induced rambling. :D

NOTE: If you try RedLine Energy/Sports drink from your local convenience store, follow the instructions carefully! DO NOT drink a whole bottle, you will have palpitations! These have ingredients the others do not and they WILL energize you, trust me on this!
#91212 by lbmofo
Wed Dec 28, 2011 12:04 pm
Davesworld, so for someone worried about phone line security coming from landline to Ooma, should they worry or is Ooma as secure, if not more, than landline?
#91214 by Davesworld
Wed Dec 28, 2011 12:57 pm
lbmofo wrote: Davesworld, so for someone worried about phone line security coming from landline to Ooma, should they worry or is Ooma as secure, if not more, than landline?

Far more secure if they are coming from POTS as far as local snooping since the analog from the CO to the premises can easily be tapped into. Any VOIP is much more secure than POTS locally. Ooma to Ooma avoids the entire PSTN and is as secure as it gets for a consumer phone experience.

Coming to Ooma from a POTS landline will never be less secure.