The Naked Scientists

The Naked Scientists Forum

Author Topic: How safe is your personal data?  (Read 3787 times)

thedoc
How safe is your personal data?
« on: 16/09/2014 16:15:38 »
Have you been hacked? This week we examine the risks from public WiFi, why the Internet of Things is jeopardising the security of your home, the threats frequently lurking inside innocent-looking documents, what your mobile phone says to cybercriminals without your say-so and the new method of marketing: you compromise your competitor's website. Plus, in the news, an update on ebola, do bereaved people really die of a broken heart, and DNA points the finger at a Jack the Ripper suspect...


If you want to discuss this show, or ask a question, this is the place to do it.


 

thedoc
How safe is your personal data?
« Reply #1 on: 18/09/2014 17:00:11 »
Read the article then tell us what you think...

 

richardash1981
Re: How safe is your personal data?
« Reply #2 on: 21/09/2014 17:14:19 »
I'm surprised this hasn't generated more replies. I'm specifically responding to the interview with Daniel Cuthbert from Sensepost. He claimed that if a mobile device connects to online banking over an insecure network the data could be intercepted by whoever controls the network. But any online banking portal will be using SSL encryption, which both encrypts the data and conducts end-to-end authentication of the connection, to make sure you really are connected to your bank, and not an imposter in between. So I don't understand why there is a problem, provided that I don't get sent to a fraudulent imposter site (which I would know because my browser would warn me), and the security certificates are valid (again, browser trust is important, but a malicious network can't break that).

Everyone then suggests installing a VPN to encrypt traffic, off to another server which is hopefully controlled by someone trustworthy - and not by a scam merchant taking my money and getting a much higher level of access to monitor and intercept my traffic (as it exits their servers) as well.

It also isn't clear to me why a malicious network won't just intercept (via a man-in-the-middle compromise) a VPN connection as easily as an SSL connection, except that VPN clients are much more niche applications with much less information about how they are secured.

Is this just a way to sell VPN products and services?
 

chris
Re: How safe is your personal data?
« Reply #3 on: 22/09/2014 19:48:44 »
Good point.

This is a nice description of how secure connections work:

http://robertheaton.com/2014/03/27/how-does-https-actually-work/
 

Mia Alexiou (Software Engineer)

  • Guest
None
« Reply #4 on: 28/09/2014 16:14:57 »
I usually love your podcast but I felt disappointed by the sensationalist and disingenuous information provided by the security experts in this episode. Most sites and apps that serve sensitive information (including banking, Facebook, Gmail etc.) use SSL to encrypt data and thus keep users safe - even over malicious networks. While it is certainly a good idea to avoid connecting to malicious networks, it is not the calamity that this episode made it out to be. Rather than freaking people out, it would have been better to teach users what SSL is and why they should be wary of untrusted certificates and websites/apps that do not use SSL.
 

RD
Re: How safe is your personal data?
« Reply #5 on: 14/10/2014 02:56:53 »
There are ways around https ...

Quote from: grc.com
The “S” added to the end of the “HTTP” means SECURE.
(Or at least it was supposed to.)

The presence of the unbroken key or the lock icon on the web browser once meant that the connection between the user and the remote web server was authenticated, secured, encrypted . . . and not susceptible to any form of eavesdropping by any third party. Unfortunately, that is no longer always true ...
https://www.grc.com/fingerprints.htm
 

alancalverd
Re: How safe is your personal data?
« Reply #6 on: 14/10/2014 07:42:12 »
Always and only write cheques. Online banking wastes your time instead of the bank's, which is why they promote it.

And remember, if the bank says that your security has been compromised, or someone has forged your signature, it's prima facie their fault because it's their security system that they insisted you should use: the contract is for the bank to pay on your order alone, and if they can't be bothered to verify the order, they have broken the contract.

Truly personal data is an odd thing. If you visit a hospital or a dentist, your digital x-rays will be stored for ever under a couple of layers of password, which will waste everyone's time and contribute nothing to your treatment (old-fashioned film x-rays were thrown away after 2 years because they are mostly irrelevant), but your presence in whatever clinic will be on public view*, and there's no mistaking the plaster on your leg or your shiny new teeth, and the really important stuff like vital signs, drugs, history, etc., will be written on a paper file that anyone can read until it is lost.


*Just to make absolutely sure, they pay a nurse to walk into the waiting area and shout your name!
 

evan_au
Re: How safe is your personal data?
« Reply #7 on: 14/10/2014 10:31:04 »
Whatever encryption you use, given enough compute power (and brain power), it can be broken.

With the exponential increase in computer power, this often happens quite quickly.
  • The GSM mobile system used a 56-bit encryption called DES, which was effectively weakened so criminals could not use it. It then became crackable by ordinary computers while GSM was still actively used.
  • The earliest form of WiFi encryption can now be easily cracked.
  • But the biggest security risk is people who leave their home WiFi router with no encryption at all.
  • Public WiFi hotspots intentionally use no encryption (so anyone can use them), but this also means that other people with suitable software on their computer can see what you are doing.

In the end it is a balance between the occasional inconvenience of turning on encryption in your browser vs the occasional inconvenience of someone breaking your computer, or stealing your banking details.
 

RD
Re: How safe is your personal data?
« Reply #8 on: 25/10/2014 14:12:18 »
... Public WiFi hotspots intentionally use no encryption (so anyone can use them), but this also means that other people with suitable software on their computer can see what you are doing

True, but you can avoid eavesdropping in that situation by using a Virtual Private Network.
 
