secured network?
my boss scared the shit out of me today. he's been a big muckity muck here is pittsburgh for some time. he's so damn smart....probably the smartest man i've ever worked for. he has the innate ability to bring forth all kinds of data points to support his statements, its crazy. he's extremely well read, so nobody questions any of his points. very professorial in nature. i really enjoy talking with him about just about anything.except today he told me of a conversation he had over the weekend with one of his CMU buddies. CMU is one of the best tech schools out there, or at least the word on the street here in the 'burgh says so. his buddy is telling him....which he now tells me....that nobody should ever do online banking and such on a wireless network. secured or otherwise. apparently, when one has the desire and knowledge, they can look into all kinds of shit. now....this guy is some kind of supernerd. but by just grabbing one nugget from my bosses machine (remotely at that), this guy was then able to check the credit lines on several credit cards, his money market account numbers, the names of his daughter's friends that had logged onto the net using his network and a ton more. i don't think that's any news to anyone. it wasn't news to me. it just scared me because i know that we do a lot of online banking. i fucking hate stamps.
but this news hit me on the right day i suppose. i've had a network for some time, but never really took many steps to secure it. i once heard that there's basic protection in wireless routers anyway so i took comfort in that. i did very limited stuff like personalized my network name and changed the password to the router itself. but i never fucked with any of those foreboding acronyms like WPA vs. WEP, SSID and all that subset masking shit.
so as soon as we put the little one down tonight, i jumped onto the linksys website for a little tutorial. i managed to get through all the steps, despite my router being kind of old. what can i say...it was free so i can't really knock on it. i did learn that i can't enable WPA because my wireless-b doesn't support it. i'm considering upgrading.
first the dash, then the tree-fixin and now this.
booger would be proud.
posted by Buck Super Stereo @ 10:05 PM
4 Comments
4 Comments:
Unless this guy was sitting outside your building somewhere hijacking the office wifi connection then his ability to get your boss' info has absolutely ZERO to do with wireless security. Granted, you absolutely should set up some kind of encryption on your wireless network. I'd highly recommend that you upgrade to from B to G. For one thing it's much faster. It also supports the newer encryption methods (specifically WPA2). B only supports WEP and that was cracked long ago. I believe there are tools out there now that will allow anyone to crack your WEP password in well under a minute.
As to the matter of doing online banking, etc over a non-secured connection. The fact of the matter is, no matter what kind of connection you're using, even if it's a hardwired connection that you can see all the way from your computer to the bank, you shouldn't enter ANY personal information unless the URL at the top of your browser starts with https://. That s after the http means SECURE. Any site using that protocol must provide a certificate verifying their identity and also encrypt all data before it leaves your computer to be sent over the network. If you're using an https connection then it really doesn't matter so much what the rest of the network is like because your important data is already encrypted. If you're using a regular http:// URL then your data is completely unencrypted and could be read by anyone who can intercept it.
Also keep in mind that you have neither knowledge of nor control over the network after the connection leaves your house. For all you know AT&T is making a copy of all the data that goes over their lines and checking your bank balance (and AT&T owns a HUGE chunk of the internet infrastructure in the US so chances are very high that your data crosses their network somewhere). In fact, you have no idea how your data gets from you to the bank and any computer that it goes through could easily be making copies of all that information. If you don't want that to be possible, make sure you're using a secure, encrypted connection (https).
It's a good idea to encrypt your wireless connection, but that's really the least of your problems if you're not paying attention to where and how you're submitting personal information.
so does the dudeman trust the net for online commerce...banking or otherwise?
Yup, I do almost all of my banking online and I will usually buy from an online store rather than get in the car and go there. Real stores are so antiquated.
However, I don't enter my credit card number or other personal information anywhere online unless I make sure the site is using https.
This comment has been removed by the author.
Post a Comment
Subscribe to Post Comments [Atom]
<< Home