Welcome to the MacNN Forums.

UnixMac · Jul 26, 2008, 10:58 AM

Ok, I guess I was naive to think Mac's are still immuned to security threats like PC's cause for what ever reason, two credit card numbers found themselves onto the internet and thank God I was able to shut them down before anything else happened.

Anyway, Can any of you folks recommend a good security software, or maybe a setting in Mac OS X that will disallow keylogging on my computers?

thanks

Cold Warrior · Jul 26, 2008, 11:14 AM

Make all your users regular ones, not admins, and install little snitch or a similar outbound logging/alert firewall program. These steps will help.

However, there are a lot of ways your credit cards could have been compromised. It's more likely that it was fraud (someone employing a skimmer) or someone with the number visiting a bad website or gullible enough to visit a phishing link.

angelmb · Jul 26, 2008, 11:22 AM

wow, sorry to hear about that, could you give us more info?, sites were you 'could' have used the aforementioned credit cars, how did you noticed the leak… I haven't ever heard about such issue on a Mac…

As for software, I guess something like NetBarrier could help, you can include the credit cards numbers as sensitive data not allowed to 'leave' the computer, so once you add the credit cards numbers such string is always blocked if it ever tries to find its way onto the internet…

P.S. instead of shutting it down, why not just disconnect the LAN wire? oh well, you could be wireless… then set up a isolated location on your network preferences, it is going to be faster than to shut the whole Mac down if e.g. you have other apps running… just my humble opinion.

TETENAL · Jul 26, 2008, 11:32 AM

Credit card numbers are no secret, are they? Everybody from whom you buy something could write them down. So there are many more opportunities every day that are much easier than putting a keylogger onto your Mac.

mduell · Jul 26, 2008, 01:21 PM

OS X keyloggers do exist, but keylogging can be done in hardware so software isn't necessarily going to make you safe if you think keylogging is what compromised your credit card info.

rotuts · 01:52 PM

actually this probably happened to me. I bought something on the net, and a few minutes later the card was used by a 'bogus' charger to make a very small purchase <10$ to see if the card worked and then my credit card company put a hold on the card and then called me

the CC company apparently was well aware of this <10$ move. now don't get me wrong im glad they did it but it took them 6 hours to call me.

what if I was traveling? buying something else?

I spent a lot of my time trying to tell the valid merchant about this thinking this might be helpful to them, unfortunately it just bent them out of shape!

go figure! dont go to that site anymore. never. nada. all I can do.

again, it could have been pick up elsewhere but the CC Company zerowed in on that last valid Internet charge.

don't know how this helps the discussion but all points were to the transmission of the last valid purchase from a secure site that haad some sort of "MegaGard" (

) we sweep every day guarantee.

so who knows.

cheers

Cold Warrior · Jul 26, 2008, 01:51 PM

Too many legitimate web sites have partnerships with clubs or other insidious companies that fly just below the fraud radar. They routinely charge these $10 transactions once a month. Consumers unwittingly sign up when they buy something from a regular merchant. Usually it comes in the form of a sly redirect or a check-the-block in small print at checkout. This is probably what happened.

The biggest one I can think of (my wife fell for this one):
[Credit Card Fraud] ReservationRewards Norwalk CT $10 Charge App - dslreports.com

rotuts · Jul 26, 2008, 02:11 PM

thats a good point Cold W.

but in my case never did any of that.

interesting the CC Company knew about the < 10 $ (8.98 for me) scam and was set up for it.

I tried to get more info out of them but they too clammed up.

"Easter europe" came up believe it or not!

cheers

( nothing costs <10 bucks now so they are all out of buisness!)

UnixMac · Jul 26, 2008, 02:23 PM

Well, I've been playing WoW a lot lately and I surf onto various forums including the Blizzard ones... I recall once clicking on a link only later to read in the thread that the link was put in place by a key logger.. The question I have is, aren't most of these key logging apps for PC? if there is indeed a link that can cause a key logging app to download onto my Mac, wouldn't I know about it, or at least it would should up in my Downloads folder or have to go thru some sort of install process?

Anyway, I agree.. maybe it was an inside job from the vendor I used.. I'm investigating this now..

btw.. I do have little snitch installed but I"m not sure how to configure it best to keep from getting constant nusense (sp?) reminders every-time I surf onto a website or something..

Also, is setting the Safari Browser to "private browsing" helpful at all?