Have you been hacked? This week we examine the risks from public WiFi, why the Internet of Things is jeopardising the security of your home, the threats frequently lurking inside innocent-looking documents, what your mobile phone says to cybercriminals without your say-so and the new method of marketing: you compromise your competitor's website. Plus, in the news, an update on Ebola, do bereaved people really die of a broken heart, and DNA points the finger at a Jack the Ripper suspect...
I'm surprised this hasn't generated more replies. I'm specifically responding to the interview with Daniel Cuthbert from Sensepost. He claimed that if a mobile device connects to online banking over an insecure network the data could be intercepted by whoever controls the network. But any online banking portal will be using SSL encryption, which both encrypts the data and conducts end-to-end authentication of the connection, to make sure you really are connected to your bank, and not an imposter in between. So I don't understand why there is a problem, provided that I don't get sent to a fraudulent imposter site (which I would know because my browser would warn me), and the security certificates are valid (again, browser trust is important, but a malicious network can't break that).
I usually love your podcast but I felt disappointed by the sensationalist and disingenuous information provided by the security experts in this episode. Most sites and apps that serve sensitive information (including banking, Facebook, Gmail, etc.) use SSL to encrypt data and thus keep users safe - even over malicious networks. While it is certainly a good idea to avoid connecting to malicious networks, it is not the calamity that this episode made it out to be. Rather than freaking people out, it would have been better to teach users what SSL is and why they should be wary of untrusted certificates and websites/apps that do not use SSL. Mia Alexiou (Software Engineer), Sun, 28th Sep 2014
There are ways around HTTPS ...
Always and only write cheques. Online banking wastes your time instead of the bank's, which is why they promote it.
Whatever encryption you use, given enough compute power (and brain power), it can be broken.