My son does consulting security fo many GOV agencies

Heres something he recently sent me

Just got done giving a presentation to the USSS and DHS on how to intercept and obtain confidential information (like facebook or banking usernames and passwords) on ethernet networks by hijacking http and redirecting https.


Folks be careful out there, its not as safe as you think it is....

No it is not a safe place for it is like standing on a street corner and telling things,,,,they can be known to many.

And I would recommend NEVER putting your social security number on the internet.


It is always good to check the activity (financial) against you with one of the national services.

Putting information of the WEB, please assume everyone will have the ability to see it at some time.

pete

My son does consulting security fo many GOV agencies

Heres something he recently sent me

Just got done giving a presentation to the USSS and DHS on how to intercept and obtain confidential information (like facebook or banking usernames and passwords) on ethernet networks by hijacking http and redirecting https.


Folks be careful out there, its not as safe as you think it is....

I'm guessing the presentation you're referring to is pretty much what was presented at last years Black Hat ( http://www.itpro.co.uk/609932/website-danger-as-hacker-breaks-ssl-encryption ). The demonstration was pretty slick. You can greatly limit your potential exposure by not using open/public networks ( i.e. the free Wi-Fi at your local coffee shop or plugging into university networks ). In online security there are no absolutes except maybe that you're always vulnerable. Even through no fault of your own your data can be compromised if whatever cloud provider hosts it experiences a breach. The best you can do is make yourself a smaller target.

rock out w/some cots.
http://www.packetforensics.com/pfli5b.safe

if you think anything you do on the wire is private to you and only you:
nope.

yes, last year performance bike/nashbar's banking interface sites got hacked, and many of their customers CC information got stolen, including mine. it was a real nightmare to make the problem go away.

lots of people paint CC companies as being "bad guys" with high interest rates, late fees, etc., but the good credit card companies are indispensable with the fraud protection they offer.

thousands of dollars worth of fraudulent charges were made to my card, none of which wound up coming out of my pocket, i can only imagine how much these fraud cases cost the CC companies annually, between the $$ itself and the staff/resources they have to devote to fighting fraud.

in the end, i was glad amex was on my side during such a battle.

I agree that providing personal info over the net or phone is risky. I always use a virtual credit card number when buying over the phone or on the internet. It can only be used at one vendor and for a limited amount and time.

As a programmer I've been monkeying around on the interwebs for 20 years or so. The Internet Protocol simply wasn't designed with security in mind. Neither was the server in the restaurant you just handed your credit card to. Bad things happen in lots of places. Digital video (on youtube) at 11.

--Marcus