'Avoid using free, public Wi-Fi for banking'

Well said.

On a PC it is easy to check for the legitimacy of a banking site, but on mobile how do you know that the app you're using goes to the real bank's site and not to a decoy website?

Taken further - the app is "hijacked" by a decoy website, where they milk it for what it's worth before sending it on to the real bank's website.

Is something like this possible? :confused: :eek:
 
Well said.

On a PC it is easy to check for the legitimacy of a banking site, but on mobile how do you know that the app you're using goes to the real bank's site and not to a decoy website?
Exactly. Therein lies the value, but that would mean said "experts" have to do more than trawl white papers and security websites prior to holding a press conference.
 
"Internet banking" apps on a phone should be more resilient to attack not less.

They can actually verify the certificate using a known cryptographic hash, as well as force the cryptographic algorithm for TLS. So for a company like FNB to prevent public AP internet banking makes me wonder if they did the above-mentioned.

Even if you don't do these steps, you would need a compromised CA to issue certificates. It isn't unheard of; it has happened twice now in recent years, but was caught pretty quickly. Both companies have subsequently had their trust broken by all major browsers. Both companies also declared bankruptcy. Basically, a single leak these days will mean your trust chain will be broken, and you can pretty much kiss your company goodbye at that point.

Additionally, Google, on Android for example, does do hash verifications of their own certificates from known good values in their own apps and in Android. So Google.com is a good place to start to see if someone is d#cking around with your data. Chrome will also alert you to the fact that a CA certificate has changed since your last visit (or outright block access to the site).

Lastly it is worth pointing out that this all requires incredible amounts of knowledge about TLS and significant compromises to have occurred before the time.

My company is one of the 5 largest tech companies in the world, and our policy is: you can use public wifi, but you are strongly advised to use our VPN to protect your privacy.

The internet is not assumed to be safer using a known gateway than a public one. That is unfortunately the reality of the internet.

DNSSec would be one step further in this game. It is probably the biggest concern for internet security at this point. (at least in my opinion)
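The two checks the post above describes (comparing the server's certificate against a known cryptographic hash, and forcing the TLS version and cipher suites) are what a banking app would do so that a decoy site, even one holding a certificate from a compromised CA, fails to connect. The following is an added example, not code from the thread, FNB or any bank. It pins the SHA-256 of the DER SubjectPublicKeyInfo (the format Android's network_security_config and HPKP use) rather than the whole certificate, so a renewed certificate with the same key still matches while a decoy with a different key does not. The certificate bytes are constructed in the example with a tiny DER encoder; they are certificate-shaped but unsigned and not real certificates, and the key material is placeholder bytes. In real use the DER would come from `sock.getpeercert(binary_form=True)` after the handshake.

```python
import base64
import hashlib
import hmac
import ssl

# --- minimal DER encode/decode helpers (stdlib only) ------------------------
SEQUENCE, INTEGER, BIT_STRING, NULL, OID, UTCTIME, CONTEXT_0 = (
    0x30, 0x02, 0x03, 0x05, 0x06, 0x17, 0xA0)


def der_len(n):
    """DER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, payload):
    return bytes([tag]) + der_len(len(payload)) + payload


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def children(seq_value):
    """Split a constructed value into (tag, raw_tlv_bytes) of each child."""
    out, pos = [], 0
    while pos < len(seq_value):
        start = pos
        tag, _, pos = read_tlv(seq_value, pos)
        out.append((tag, seq_value[start:pos]))
    return out


# --- the pinning check --------------------------------------------------------
def extract_spki(cert_der):
    """Raw DER SubjectPublicKeyInfo TLV from an X.509 certificate.
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cert_body, _ = read_tlv(cert_der, 0)
    if tag != SEQUENCE:
        raise ValueError("not a DER SEQUENCE")
    tbs_tag, tbs_raw = children(cert_body)[0]
    _, tbs_body, _ = read_tlv(tbs_raw, 0)
    fields = children(tbs_body)
    if fields[0][0] == CONTEXT_0:      # explicit version tag present (v3 certs)
        fields = fields[1:]
    spki_tag, spki_raw = fields[5]     # serial, sigAlg, issuer, validity, subject, SPKI
    if spki_tag != SEQUENCE:
        raise ValueError("SPKI not where expected")
    return spki_raw


def spki_pin(cert_der):
    """base64(sha256(DER SPKI)) -- the pin format used by HPKP and Android."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def verify_pin(cert_der, pinned_set):
    """True only if the presented certificate's key matches a pinned key.
    Done with constant-time comparison; a decoy cert from a rogue CA fails here
    even though normal chain validation would have accepted it."""
    pin = spki_pin(cert_der)
    return any(hmac.compare_digest(pin, p) for p in pinned_set)


def hardened_context():
    """Force the TLS floor and ECDHE/AEAD suites on top of default chain checks."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def context_enforces_tls12(ctx):
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


# --- CONSTRUCTED test material: certificate-shaped DER, not real certificates ----
def fake_spki(key_bytes):
    rsa_alg = der(SEQUENCE, der(OID, bytes.fromhex("2a864886f70d010101")) + der(NULL, b""))
    return der(SEQUENCE, rsa_alg + der(BIT_STRING, b"\x00" + key_bytes))


def fake_cert(serial, spki):
    sig_alg = der(SEQUENCE, der(OID, bytes.fromhex("2a864886f70d01010b")) + der(NULL, b""))
    name = der(SEQUENCE, b"")                      # empty Name, legal DER
    validity = der(SEQUENCE, der(UTCTIME, b"240101000000Z") + der(UTCTIME, b"250101000000Z"))
    tbs = der(SEQUENCE, der(CONTEXT_0, der(INTEGER, b"\x02")) + der(INTEGER, serial)
              + sig_alg + name + validity + name + spki)
    return der(SEQUENCE, tbs + sig_alg + der(BIT_STRING, b"\x00" + b"\xaa" * 32))


BANK_KEY = b"\x01" * 64                 # placeholder for the bank's public key
DECOY_KEY = b"\x02" * 64                # placeholder for an attacker's key
BANK_CERT = fake_cert(b"\x01", fake_spki(BANK_KEY))
BANK_CERT_RENEWED = fake_cert(b"\x7f\x01", fake_spki(BANK_KEY))   # same key, new serial
DECOY_CERT = fake_cert(b"\x01", fake_spki(DECOY_KEY))             # different key
PINS = {spki_pin(BANK_CERT)}                                       # shipped in the app

if __name__ == "__main__":
    print("renewed bank cert accepted:", verify_pin(BANK_CERT_RENEWED, PINS))
    print("decoy cert accepted:       ", verify_pin(DECOY_CERT, PINS))
    print("TLS floor is 1.2+:         ", context_enforces_tls12(hardened_context()))
```

The pin set is the "known cryptographic hash" the post refers to; an app ships it at build time, and should include a backup pin for the bank's next key so a routine key rotation does not lock customers out.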
 