[Gllug] online banking

Henry Gilbert henry.gilbert at gmail.com
Sun Nov 13 23:26:35 UTC 2005 

On 11/13/05, Diana Scott <dianascott1 at hotmail.co.uk> wrote:
> Hi Henry
>
> Is it safe to give passwords and credit cards details over online shopping
> or banking sites?
>

It is provided you don't do it on internet cafes.
It is not unheard of people installing keyloggers
(that record what you type)

> Is Firefox or Konqueror safer with online banking activies?
>

It is but they are *not* always immune to phishing.
Phishing is when you a tricked into clicking on a link that pretends
to be your bank.
Like a fake cash machine it then go about stealing your password.

If you type the name of your bank directly on your browser you should be fine.

> Hotmail has asked me to type in some numbers in the picture box. Has my
> hotmail mail box been  hacked or other people can check the contents of my
> email box?

For greater security and to avoid automated "robots"
Many websites try to differentiate a human person from a "program"
by getting them to recognize visual numbers and then typing.

Apparently there is no good software out there that can decipher
squiggly numbers.

>
> How do I know I have turned on the firewall with my suse 9.3? Do I need to
> config the firewall in order to stop other people hack into my laptop?
>

Now that is an area where people with more experience of Security and
Suse can help answer. As far as I know most Linux Distribution comes
with Firewall turned on.

> Is it true that Suse is no more secure than Windows XP?
>

No.
I see people using Windows XP all the time.
Most of my friend fix and install Windows XP.
If they are not riddled with spyware, they are empregnated with viruses.
Although Microsoft is trying to get their act together, SP2 is
supposed to have firewall switched on by default, and automatic
updates are forced upon the user constantly until they finally heed.
I would never do anything involving personal security on Windows.

What is seriously insecure and affects any operating system
are wireless networks.
Traffic can be sniffed easily unless you have a strong security setting
in place beyond the capacity of most users (including myself).

When providing private or important information make at least sure
it is encrypted. Ie https (you get a padlock on the bottom left of the browser)

So for example say you access your hotmail.
And I believe the connection is unencrypted.
And say you have a home wireless network.
A person with the right tools sitting outside your house could grab
your login name and password and then work their way (social
engineering) in getting more and more private details possibly leading
eventually to your bank account.

There are good practices to further enhance security in Linux.
And extra vigilance is always good.
But when people state Windows XP patched is just as safe as Linux patched.
There is no way such statement is true.
The Windows Operating System has been innately insecure right down to the core.

All Operating Systems exposed to the internet are vulnerable to some degree.
The *NIX operating systems should be more secure than the Windows
family by a order of many magnitudes.
That shouldn't encourage new webserver administrators to be negligent.
It's a very different matter for servers.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list