Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security - Unsecured Wrieless-Hotel


  • Please log in to reply
3 replies to this topic

#1 pagemaker

pagemaker

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 01 January 2011 - 11:50 AM

I am on a secure page on an unsecured hotel wireless connection. Is it safe to enter financial info on this page? The lower right hand section has the secure lock, but I am not certain if someone can see the info that is not blocked out (like the password is).

BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:12 PM

Posted 01 January 2011 - 06:47 PM

Is it safe to enter financial info on this page? The lower right hand section has the secure lock


In theory, yes, it is safe. But there are some risks. I would not do it.

The secure lock you see is actually for the page you are viewing right now, it is not for the page to which you will be posting your confidential data.
By convention, the data you will be posting will also use HTTPS, but it's just that: a convention. Unless you examine the HTML code (and probably the JavaScript code), you can't be 100% sure that your data will be posted with HTTPS. But in almost all of the cases, it will be.

You should also inspect the certificate by clicking on the secure lock, to be sure that it is a certificate from your bank, issued by a CA you trust.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 somdcomputerguy

somdcomputerguy

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Virginia
  • Local time:01:12 PM

Posted 01 January 2011 - 07:21 PM

If you're using Firefox, this extension - https://addons.mozilla.org/en-US/firefox/addon/3199/ - Link Alert, may be useful to you. Basically when you hover over a link or button, a tooltip displays next to the pointer stating the destination. So you can easily tell if it's https or not..
-bruce /* somdcomputerguy */
'If you change the way you look at things, the things you look at change.'

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:12 PM

Posted 02 January 2011 - 11:41 AM

Here is an interesting press release:

Sheriff's Detectives Arrest Suspected Identity Thief
Santa Barbara - December 30th, 2010

...

Further investigation has revealed that Ehimika would select his victimís by trolling through neighborhoods looking for unsecured wireless internet connections. Once he identified a residence with a vulnerable signal, he would use his computer skills to obtain critical personal information from his victims and then ultimately tap into their home equity accounts.

...


http://www.sbsheriff.org/pr/12301001.html

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users