We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Is it safe to bank online with wifi?
Options
Comments
-
i have never done that until now,I still think it is more safer with a PC at home.0
-
In my opinion banks where you log in using a pinsentry device (Barclays for example) or where they ask you for random digit from your passcode (NatWest or RBS) or when you have a little keypad on the screen (ING for example) are the safest.
Bank sites like Santander where you are asked for the whole user ID then the whole password plus login code are less secure if a Man-in-the-Middle attck is performed because the attacker can get all your secret info at once.
This also apply to emails, ebay accounts etc.
Re WPA encryption: you can have the strongest password to prevent unauthorised access to your wifi but a Man-in-the-Middle attack can come from "inside" your network if you are sharing your wifi with others (lodgers, flatmates for example).
Use Firefox, it is less vulnerable to this kind of attack.*_*_* Department of Redundancy Department *_*_*0 -
Use Firefox, it is less vulnerable to this kind of attack.
Such a MitM attack would occur at the network level by intercepting data packets containing encryption keys, wouldn't it? In which case the browser being used would be irrelevant...?
From what I've just read, a Man-in-the-Browser (MitB) attack can infect a browser and intercept (and modify) information transmitted between the two legitimate parties. But what is it about Firefox that makes it less susceptible to attack than, say, Opera or Safari?0 -
what is it about Firefox that makes it less susceptible to attack than, say, Opera or Safari?
Well, I don't know to be honest. When I discovered the existence of the Man-in-the-Middle tecnique I tested it within my wifi network and playing around I found out that I was able to get almost 100% of the info sent over from Internet Explorer (IE7 or IE8 at the time) while Firefox seemed to be tighter.
At the time I also tested Opera (not Safari though), I don't recall exactly the results on Opera but I clearly remember how Internet Explorer disappointed me. Since then I use FF, or at least I try to avoid IE.
From what I gather the Man In The Browser attack (which is different from the Man-in-the-Middle) requires some level of expertise plus a malware installed on your browser, it is more complicated. The Man-in-the-Middle attack can be carried out without compromising the victim's machine and can be setup in a few seconds.
They might have fixed the new versions of Internet Explorer though, I am not sure though as I haven't been playing with these things for a while but I was astonished by the amount of info you could get and how easy it was.*_*_* Department of Redundancy Department *_*_*0 -
Well, I don't know to be honest. When I discovered the existence of the Man-in-the-Middle tecnique I tested it within my wifi network and playing around I found out that I was able to get almost 100% of the info sent over from Internet Explorer (IE7 or IE8 at the time) while Firefox seemed to be tighter.
At the time I also tested Opera (not Safari though), I don't recall exactly the results on Opera but I clearly remember how Internet Explorer disappointed me. Since then I use FF, or at least I try to avoid IE.
From what I gather the Man In The Browser attack (which is different from the Man-in-the-Middle) requires some level of expertise plus a malware installed on your browser, it is more complicated. The Man-in-the-Middle attack can be carried out without compromising the victim's machine and can be setup in a few seconds.
They might have fixed the new versions of Internet Explorer though, I am not sure though as I haven't been playing with these things for a while but I was astonished by the amount of info you could get and how easy it was.
The browser has absolutely nothing to do with it, the data being transferred is exactly the same. If there is no encryption, it can be read by a third party0 -
The browser has absolutely nothing to do with it, the data being transferred is exactly the same. If there is no encryption, it can be read by a third party
I didn't explain myself correctly. Under Man-in-the-Middle attack Firefox would abort the connection most of the time while IE would carry on and let me "harvest" more login info. I can't really explain why, perhaps just a coincidence.*_*_* Department of Redundancy Department *_*_*0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards