Naked Scientists Podcast


Mon, 15th Sep 2014

Hack Attack!

Hack attack!  (c) Sinistra Ecologia Libertà

Have you been hacked? This week we examine the risks from public WiFi, why the Internet of Things is jeopardising the security of your home, the threats frequently lurking inside innocent-looking documents, what your mobile phone says to cybercriminals without your say-so and the new method of marketing: you compromise your competitor's website. Plus, in the news, an update on Ebola, do bereaved people really die of a broken heart, and DNA points the finger at a Jack the Ripper suspect...


In this edition of Naked Scientists


  • 01:18 - Why is Ebola spreading so quickly?

    With over 3000 victims so far, the Ebola crisis gripping parts of West Africa is ten times larger than any previous outbreak. Why?

  • 08:20 - Can you die from a broken heart?

    It's remarkably common for elderly people who were previously healthy to die soon after their spouse. Why does this happen?

  • 40:42 - How hackers use email

    How opening email attachments could lead to leaking your personal data, plus what are the true costs of browsing the Internet when abroad?

  • 47:46 - Attacking competitor websites

    Companies are able to knock out business competition by taking out their on-line presence.

 


Comments


I'm surprised this hasn't generated more replies. I'm specifically responding to the interview with Daniel Cuthbert from Sensepost. He claimed that if a mobile device connects to online banking over an insecure network the data could be intercepted by whoever controls the network. But any online banking portal will be using SSL encryption, which both encrypts the data and conducts end-to-end authentication of the connection, to make sure you really are connected to your bank, and not an imposter in between. So I don't understand why there is a problem, provided that I don't get sent to a fraudulent imposter site (which I would know because my browser would warn me), and the security certificates are valid (again, browser trust is important, but a malicious network can't break that).

Everyone then suggests installing a VPN to encrypt traffic, off to another server which is hopefully controlled by someone trustworthy - and not by a scam merchant taking my money and getting a much higher level of access to monitor and intercept my traffic (as it exits their servers) as well.

It also isn't clear to me why a malicious network won't just intercept (via a man-in-the-middle compromise) a VPN connection as easily as an SSL connection, except that VPN clients are much more niche applications with much less information about how they are secured.

Is this just a way to sell VPN products and services? richardash1981, Sun, 21st Sep 2014

Good point.

This is a nice description of how secure connections work:

http://robertheaton.com/2014/03/27/how-does-https-actually-work/ chris, Mon, 22nd Sep 2014

I usually love your podcast but I felt disappointed by the sensationalist and disingenuous information provided by the security experts in this episode. Most sites and apps that serve sensitive information (including banking, Facebook, Gmail etc.) use SSL to encrypt data and thus keep users safe - even over malicious networks. While it is certainly a good idea to avoid connecting to malicious networks, it is not the calamity that this episode made it out to be. Rather than freaking people out, it would have been better to teach users what SSL is and why they should be wary of untrusted certificates and websites/apps that do not use SSL. Mia Alexiou (Software Engineer), Sun, 28th Sep 2014

There are ways around https ...


https://www.grc.com/fingerprints.htm RD, Tue, 14th Oct 2014

Always and only write cheques. Online banking wastes your time instead of the bank's, which is why they promote it.

And remember if the bank says that your security has been compromised, or someone has forged your signature, it's prima facie their fault because it's their security system that they insisted you should use: the contract is for the bank to pay on your order alone, and if they can't be bothered to verify the order, they have broken the contract.

Truly personal data is an odd thing. If you visit a hospital or a dentist, your digital x-rays will be stored for ever under a couple of layers of password, which will waste everyone's time and contribute nothing to your treatment (old-fashioned film x-rays were thrown away after 2 years because they are mostly irrelevant), but your presence in whatever clinic will be on public view*, and there's no mistaking the plaster on your leg or your shiny new teeth, and the really important stuff like vital signs, drugs, history, etc., will be written on a paper file that anyone can read until it is lost.


*Just to make absolutely sure, they pay a nurse to walk into the waiting area and shout your name! alancalverd, Tue, 14th Oct 2014

Whatever encryption you use, given enough compute power (and brain power), it can be broken.

With the exponential increase in computer power, this often happens quite quickly.

The GSM mobile system used a 56-bit encryption called DES, which was effectively weakened so that criminals could not use it. It then became crackable by ordinary computers while GSM was still actively used.

The earliest form of WiFi encryption can now be easily cracked.

But the biggest security risk is people who leave their home WiFi router with no encryption at all.

Public WiFi hotspots intentionally use no encryption (so anyone can use them), but this also means that other people with suitable software on their computer can see what you are doing.


In the end it is a balance between the occasional inconvenience of turning on encryption in your browser vs the occasional inconvenience of someone breaking your computer, or stealing your banking details. evan_au, Tue, 14th Oct 2014



True, but you can avoid eavesdropping in that situation by using a Virtual Private Network. RD, Sat, 25th Oct 2014
