Quote:
Originally Posted by aap1966
I often use the work WiFi for internet stuff where security is not an issue; reading the news, perusing the wisdom of PARF, that sort of thing.
For secure stuff, banking, etc, I use my own device connected via 3G.
My questions: (while realising that nothing is absolutely "unhackable")....
If the WiFi is hacked, should the banking encryption be sufficient to stop my meagre funds going to Nigeria?
Could work IT get passwords etc entered over WiFi? (I assume work IT can see what websites I'm visiting)
Thanks in advance.
Any decent site should only put your credentials over an already-encrypted HTTPS connection. That said, I've seen more than one website that didn't actually start HTTPS until you provided the login/pass "in the clear". But barring bonehead moves like that on the part of the destination website, your work IT shouldn't be able to get anything beyond the websites you're going to. Unless they crack the remote website and use that to snoop your connection.
If you were really concerned, use a VPN, which protects you from snooping on the local network, at least until you pop out somewhere else, anonymously and a lot, lot busier than your office or coffee shop - although at some point Echelon will see you. Even though that doesn't exist.
As far as "encrypted" traffic is concerned; who knows what vulnerabilities in SSL/TLS and/or 3G exist today and aren't publicized by the folks happily reading your traffic? Read this:
The NSA's Heartbleed problem is the problem with the NSA | Julian Sanchez | Technology | The Guardian
If you're concerned about three letter agencies, you're pretty much screwed - the NSA, for example, even if they can't read it today, can hoover up all your traffic and store it, encrypted, until they can. Given enough power, anything can be cracked. And they probably have more than everyone else put together.
The biggest concern for most folks should probably be the hosting site.
Because these don't handle/store credentials/information they shouldn't, are all run by competent IS professionals, only run correctly configured & secured systems/software with all applicable patches and respond appropriately in a timely fashion always. Just ask LinkedIn/TJX/Facebook/Adobe/Target/Pinterest/Home Depot/JP Morgan Chase/eBay/Sony et al...
If you're not using your personal device, and using a company-supplied computer, I know at least one large US company that routinely, in the standard build (without which you can't get on their network) installs a keylogger. Which records every single keystroke you ever type - and this is legal in that jurisdiction. Because it's "their" computer.
I'm not familiar with the local data protection/privacy/ownership of information laws in Oz. You should maybe look into those.