Quote:
Originally Posted by Cynthetiq
Rhetorical question.
Obvious answer.
|
Hmmm. I asked this question in December,
http://www.tfproject.org/tfp/showthr...16#post2162316,
and there was not a uniform consensus.
Quote:
Originally Posted by Silvy
The encryption used by most on-line banking sites assumes that you're communicating over an insecure network.
This means that the security measures assume that the communication is picked up by others. (If you use a fixed internet connection, your ISP, its employees, or other computers on the route may also eavesdrop on the connection.)
The encryption scheme used (SSL) should ensure that listening in will not reveal any of the data that is transferred.
In theory you should be just as safe using a fixed internet connection as you were using a WiFi connection.
But (there is always a 'but', isn't there?) security schemes may be broken. If that happens, no internet connection is safe, but a WiFi connection is even less safe because it's easier to listen in on anonymously*.
Also, using a WiFi connection allows other computers to connect to yours. That connection would normally be refused, but that is also a measure that might be broken. Potentially your PC could be hacked into, allowing others to copy your screen without needing to listen in on the connection**.
Hope this makes it a little clearer....
* This is not likely, but a decent post about security should mention this.
** This is not very likely, but possible. This is akin to someone looking over your shoulder. You might not notice someone across the street using binoculars to read your screen. (Not likely, but not impossible either).
|
Quote:
Originally Posted by Dilbert1234567
There are a few attack vectors, but they are extremely difficult; the one I am most familiar with is a variation on the man-in-the-middle attack.
First, poison the ARP table and control all the traffic. Then pretend to be all parties required for the transaction, including every party that handles the encryption certificates. (The hard part). Record all traffic and take what you want. You don’t actually need access to the internals of the network, just a client. ARP poisoning is easy, but the certificates are hard, and well out of reach for nearly everyone.
You are relatively safe, but not completely. I’ve mentioned this before, but I’ll say it again: if you are on a wired connection where a part of the network is unencrypted wireless, you are not secure, and anyone can view all of your internal traffic, wired and wireless.
|
In another forum, there was a guy posting live as he hacked people's e-mail, Myspace, and Facebook accounts by doing something resembling poisoning the ARP table and man-in-the-middle. I don't understand any of that, so I thought I'd ask if new hacking techniques or programs pose a "great danger" in regard to secure banking websites.
Which apparently makes me an idiot.