[Gllug] online banking

Mike Brodbelt mike at coruscant.demon.co.uk
Mon Nov 14 20:43:22 UTC 2005 

Diana Scott wrote:
> Hi Henry
> 
> Is it safe to give passwords and credit cards details over online shopping 
> or banking sites?

I would say it is, in general. Or rather, while it may not be "safe",
it's no more unsafe than using your credit card in a shop or an ATM,
where people are known to skim cards, shoulder surf PINs, etc. You
should of course realise that it's easier for a scam artist to set up a
convincing website than it is to set up a bricks and mortar store, and
choose the online merchants to trust with care.

> Is Firefox or Konqueror safer with online banking activies?

Safer than IE, yes. IE has two huge drawbacks - it's installed base
means it's the most obvious target, and its deep entanglement with
Windows means that many security holes in it give system level access,
whereas a hole in a less "integrated" browser is less likely to be as
critical. Also, most users of Linux or Mac OS don't run with root
rights, whereas most Windows users do run as an Administrator equivalent
user, so IE looks even worse due to the fact that it runs on the least
secure OS out there.

> Hotmail has asked me to type in some numbers in the picture box. Has my 
> hotmail mail box been  hacked or other people can check the contents of my 
> email box?

That technique is to prevent automated attacks. Computers are bad ad
recognising what those numbers are, so the test you saw hotmail ask you
to do was just to prove you were a real human, not a program trying to
brute force the password on your account. This is a good thing for your
security (though there are ways to defeat these schemes).

> How do I know I have turned on the firewall with my suse 9.3? Do I need to 
> config the firewall in order to stop other people hack into my laptop?

Try "iptables -L", which will show you the current rules in the kernel.

> Is it true that Suse is no more secure than Windows XP?

Security is about your state of mind, as much as it is about the
software you run. SuSE has a better configuration "out of the box" than
XP, though XP is getting better with SP2. Linux software on the whole is
better - far too much Windows stuff won't run unless you're
administrator equivalent, so most people on Windows run at that level.
No software will protect you from security attacks (like phishing) that
exploit you, using the computer only as a conduit.

HTH,

Mike

P.S. Reading Bruce Schneier's stuff is always an interesting perspective
on security.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list