A friend asked me if it's safe to do internet banking and I said yes, but not wirelessly. The truth is I haven't followed security news for a while and I don't know the answer! I was thinking of that recent SSL/TLS flaw that was found, which I think makes a man-in-the-middle attack possible. Is it safe to do internet banking with HTTPS on wifi?
Yes; I use it all the time. Google will lead to several things that should be done to avoid problems, but they mostly amount to paying attention. Including: Make sure that the https is on and shows class 3 (encrypted and authenticated) for both the login and the data transmission. If you get a certificate mismatch error message, pay attention to it. And make sure that your browser is up to date, since they all try to protect you from such attacks. If WIFI SSL becomes really insecure, electronic commerce goes down the tubes.
Great, thanks for the help. So, the main thing is you'd get a certificate authentication error if any monkey business is going on?
My advice is don't do anything sensitive on ANY untrusted network. Yes, SSL is mostly safe if you pay attention when you log in. I wouldn't risk it though. A certificate error isn't always going to pop up either depending on what the attacker uses.
Oh god, is this going to get complicated? I looked it up and found this:
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
http://www.ietf.org/mail-archive/web/tls/current/msg03943.html
That says you get a certificate error, and then I remembered seeing an episode of 'Security Now' about it (I don't want to listen to it all!). At the top it says this: "Steve explains exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials."
http://www.grc.com/sn/sn-223.htm
I learned years ago never to talk about computers to anyone I meet. I should have changed the subject when asked if internet banking is safe lol. I don't do internet banking and don't use wifi much either so I'm not that bothered, I just feel bad for telling someone not to use it when that's how they do their banking!
Very appropriate for Patch Tuesday. Possible exploits are always being found and patched by Microsoft and others; SSL is no different. Most of the exploits in the news actually seem to be on the server side, since this is how to get high volumes of useful data for hackers. I include dishonest employees on the server side, BTW. Even a VPN only protects your data as far as the VPN server (client side) with SSL. I have been using electronic banking and other commerce for many years - know the guy who claims to have invented it - and don't really have another alternative. And often don't have an alternative to a wifi link for extended periods of time. So paying attention, looking at alerts, keeping up with updates are important. But generally your financial institution protects you financially against such exploits anyway, so a little vigilance goes a long way. And they take action rapidly when such attacks as MITM are discovered.
LOL. No, Al must have been the "big picture" guy who thought of it first. For the first guy to actually build one, look up Bill Finkelstein.