Naked Science Forum

Non Life Sciences => Technology => Topic started by: thedoc on 16/09/2014 16:15:38

Title: How safe is your personal data?
Post by: thedoc on 16/09/2014 16:15:38
Have you been hacked? This week we examine the risks from public WiFi, why the Internet of Things is jeopardising the security of your home, the threats frequently lurking inside innocent-looking documents, what your mobile phone says to cybercriminals without your say-so and the new method of marketing: you compromise your competitor's website. Plus, in the news, an update on Ebola, do bereaved people really die of a broken heart, and DNA points the finger at a Jack the Ripper suspect...


Listen to this Show (http://www.thenakedscientists.com/HTML/podcasts/naked-scientists/show/20140916/)

If you want to discuss this show, or ask a question, this is the place to do it.
Title: How safe is your personal data?
Post by: thedoc on 18/09/2014 17:00:11
Have you been hacked? This week we examine the risks from public WiFi, why the Internet of Things is jeopardising the security of your home, the threats frequently lurking inside innocent-looking documents, what your mobile phone says to cybercriminals without your say-so and the new method of marketing: you compromise your competitor's website. Plus, in the news, an update on Ebola, do bereaved people really die of a broken heart, and DNA points the finger at a Jack the Ripper suspect...

Read the article (http://www.thenakedscientists.com/HTML/articles/article/1000853/) then tell us what you think...

Title: Re: How safe is your personal data?
Post by: richardash1981 on 21/09/2014 17:14:19
I'm surprised this hasn't generated more replies. I'm specifically responding to the interview with Daniel Cuthbert from Sensepost. He claimed that if a mobile device connects to online banking over an insecure network the data could be intercepted by whoever controls the network. But any online banking portal will be using SSL encryption, which both encrypts the data and conducts end-to-end authentication of the connection, to make sure you really are connected to your bank, and not an imposter in between. So I don't understand why there is a problem, provided that I don't get sent to a fraudulent imposter site (which I would know because my browser would warn me), and the security certificates are valid (again, browser trust is important, but a malicious network can't break that).

Everyone then suggests installing a VPN to encrypt traffic, off to another server which is hopefully controlled by someone trustworthy - and not by a scam merchant taking my money and getting a much higher level of access to monitor and intercept my traffic (as it exits their servers) as well.

It also isn't clear to me why a malicious network won't just intercept (via a man-in-the-middle compromise) a VPN connection as easily as an SSL connection, except that VPN clients are much more niche applications with much less information about how they are secured.

Is this just a way to sell VPN products and services?
Title: Re: How safe is your personal data?
Post by: chris on 22/09/2014 19:48:44
Good point.

This is a nice description of how secure connections work:

http://robertheaton.com/2014/03/27/how-does-https-actually-work/
Title: None
Post by: Mia Alexiou (Software Engineer) on 28/09/2014 16:14:57
I usually love your podcast but I felt disappointed by the sensationalist and disingenuous information provided by the security experts in this episode. Most sites and apps that serve sensitive information (including banking, Facebook, Gmail etc.) use SSL to encrypt data and thus keep users safe - even over malicious networks. While it is certainly a good idea to avoid connecting to malicious networks, it is not the calamity that this episode made it out to be. Rather than freaking people out, it would have been better to teach users what SSL is and why they should be wary of untrusted certificates and websites/apps that do not use SSL.
Title: Re: How safe is your personal data?
Post by: RD on 14/10/2014 02:56:53
There are ways around https ...

Quote from: grc.com
The “S” added to the end of the “HTTP” means SECURE.
(Or at least it was supposed to.)

The presence of the unbroken key or the lock icon on the web browser once meant that the connection between the user and the remote web server was authenticated, secured, encrypted . . . and not susceptible to any form of eavesdropping by any third party. Unfortunately, that is no longer always true ...
https://www.grc.com/fingerprints.htm
Title: Re: How safe is your personal data?
Post by: alancalverd on 14/10/2014 07:42:12
Always and only write cheques. Online banking wastes your time instead of the bank's, which is why they promote it.

And remember, if the bank says that your security has been compromised, or someone has forged your signature, it's prima facie their fault because it's their security system that they insisted you should use: the contract is for the bank to pay on your order alone, and if they can't be bothered to verify the order, they have broken the contract.

Truly personal data is an odd thing. If you visit a hospital or a dentist, your digital x-rays will be stored for ever under a couple of layers of password, which will waste everyone's time and contribute nothing to your treatment (old-fashioned film x-rays were thrown away after 2 years because they are mostly irrelevant), but your presence in whatever clinic will be on public view*, and there's no mistaking the plaster on your leg or your shiny new teeth, and the really important stuff like vital signs, drugs, history, etc., will be written on a paper file that anyone can read until it is lost.


*Just to make absolutely sure, they pay a nurse to walk into the waiting area and shout your name!
Title: Re: How safe is your personal data?
Post by: evan_au on 14/10/2014 10:31:04
Whatever encryption you use, given enough compute power (and brain power), it can be broken.

With the exponential increase in computer power, this often happens quite quickly.

In the end it is a balance between the occasional inconvenience of turning on encryption in your browser vs the occasional inconvenience of someone breaking your computer, or stealing your banking details.
Title: Re: How safe is your personal data?
Post by: RD on 25/10/2014 14:12:18
... Public WiFi hotspots intentionally use no encryption (so anyone can use them), but this also means that other people with suitable software on their computer can see what you are doing

True, but you can avoid eavesdropping in that situation by using a Virtual Private Network (http://en.wikipedia.org/wiki/Virtual_Private_Network).