Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RSA Log-ins and Such


  • Please log in to reply
4 replies to this topic

#1 thatguyhileman

thatguyhileman

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 21 November 2015 - 07:27 PM

Hi

 

Really not sure where to post this, but I have a complicated question of the sorts. I use a RSA ID Fob to be able to check work email. Using a personal phone that has no ties to the company, by logging in this way is there any security threat to my personal information on the phone? This is strictly through Safari on an iPhone using my home network, not through any kind of app or software that they have loaded or anything. Can they monitor or see anything on the phone this way? Thanks for any help!



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 21 November 2015 - 07:58 PM

Hi thatguyhileman :)

It depends on how you login. We also use SecurIDs at work and we give them to employees that have to work from home sometimes but do not have a corporate laptop. How are you accessing your emails? What platform? Are you using something like Outlook Web Mail and you have to input your SecurID? Or do you connect to a website, then you create a VPN tunnel to your company's network and access your mail after?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 thatguyhileman

thatguyhileman
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 21 November 2015 - 08:07 PM

I login through Outlook Web Mail. No VPN or anything like that. I only have very limited access, basically mail. I'm not in the program that uses a VPN for that kind of access.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 AM

Posted 21 November 2015 - 08:23 PM

Then no, your company cannot monitor what you're doing on your phone, except accessing your emails (which they have access to anyway if you guys host your own Exchange server and have a Sysadmin that handles it).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:26 PM

Posted 23 November 2015 - 12:26 PM

No, they are very limited in what they can do. And you would have to approve it. For example, if their OWA site would want to know your location, then Safari would prompt you and ask for your approval (which you could refuse, of course).

But AFAIK, asking for your location is not something OWA does.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users