is the TLS secure on WIFI?

Discussion in 'privacy general' started by iceni60, Jan 11, 2010.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    a friend asked me if it's safe to do internet banking and i said yes, but not wirelessly. the truth is i haven't followed security news for a while and i don't know the answer! :D i was thinking of that recent ssl/tls flaw that was found which i think makes a man-in-the-middle attack possible.

    is it safe to do internet banking with https on wifi?
     
  2. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Make sure his/her browser is up-to-date. Yes, it is safe.
     
  3. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Yes; I use it all the time. Google will lead to several things that should be done to avoid problems, but they mostly amount to paying attention. Including:
    Make sure that the https is on and shows class 3 (encrypted and authenticated) for both the login and the data transmission.
    If you get a certificate mismatch error message, pay attention to it.
    And make sure that your browser is up to date, since they all try to protect you from such attacks. If WIFI SSL becomes really insecure, electronic commerce goes down the tubes.
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    great, thanks for the help :cool: so, the main thing is you'd get a certificate authentication error if any monkey business is going on? :D
     
  5. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    My advice is don't do anything sensitive on ANY untrusted network.

    Yes, SSL is mostly safe if you pay attention when you log in. I wouldn't risk it though. A certificate error isn't always going to pop up either depending on what the attacker uses.
     
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    oh god, is this going to get complicated? i looked it up and found this -
    http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
    http://www.ietf.org/mail-archive/web/tls/current/msg03943.html

    that says you get a certificate error and then i remembered seeing an episode of 'security now' about it (i don't want to listen to it all!) at the top it says this "Steve explains exactly how an attacker can inject his or her own data into a new SSL connection and have that data authenticated under an innocent client's credentials."
    http://www.grc.com/sn/sn-223.htm

    i learned years a go never to talk about computers to anyone i meet, i should have changed the subject when asked if internet banking is safe lol. i don't do internet banking and don't use wifi much either so i'm not that bothered, i just feel bad for telling someone not to use it when that's how they do their banking!
     
  7. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Very appropriate for patch Tuesday. :) Possible exploits are always being found and patched by Microsoft and others; SSL is no different. Most of the exploits in the news actually seem to be on the server side, since this is how to get high volumes of useful data for hackers. I include dishonest employees on the server side, BTW. Even a VPN only protects your data as far as the VPN server (client side) with SSL.
    I have been using electronic banking and other commerce for many years-know the guy who claims to have invented it-and don't really have another alternative. And often don't have an alternative to a wifi link for extended periods of time. So paying attention, looking at alerts, keeping up with updates are important. But generally your financial institution protects you financially against such exploits anyway, so a little vigilance goes a long way. And they take action rapidly when such attacks as MITM are discovered.
     
  8. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    You know Al Gore?!?

    ;-)
     
  9. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    LOL. No, Al must have been the "big picture" guy who thought of it first. For the first guy to actually build one, look up Bill Finkelstein. :)
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    ok, thanks for the help. i'm going to keep my mouth shut and not bring the subject back up :D
     
Loading...
Thread Status:
Not open for further replies.