Public Wi-Fi

My local police department issued this warning today:

Today’s technology can be extremely useful in our everyday activities, but also dangerous if not done so with caution. Below are some things to remember before you allow your smart phone, tablet, laptop, or any other device to connect to a publicly shared Wi-Fi network.

  1. Never utilize your online bank or credit card accounts, or shop online when connected to public Wi-Fi.
  2. Be aware that criminals may set up similar network names to a restaurant, café or coffee shop to get you to use their network. When this is done, they can gain access to your personal information.
  3. Make sure your smart phone is not set up to automatically connect to surrounding Wi-Fi networks.

You might ask the difference between public Wi-Fi and the one in your home.  Well, the simple answer is encryption.  Everything you send via a public Wi-Fi signal can be intercepted by someone else on that same network.  Since the transmission is not encrypted that person can read everything you send.  That includes passwords, bank numbers and private emails.

Encryption acts similarly to the locks on the doors in your home. The locks keep people out unless they have the right key to translate the tumbler in the door. Similarly, encryption locks your message so that someone without the proper decryption codes cannot understand what you have sent. No locks mean that anyone can walk into your home; no encryption means that everyone can read your post. The better the locks, the less likely that undesirable people will come in your home; the better the encryption, the less likely that undesirable people can read your email.
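To make the warning about similar network names concrete, here is an added example (not part of the police notice or the original post) that reviews a list of nearby networks against the name and security type the venue actually uses. The scan results, the "CornerCafe" name and the WPA2 setting are constructed assumptions.

```python
import unicodedata

# Characters often swapped in to make a name look the same (constructed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})

def normalize(ssid):
    """Fold case, accents, look-alike characters, spaces and punctuation."""
    text = unicodedata.normalize("NFKD", ssid).casefold().translate(LOOKALIKES)
    return "".join(ch for ch in text if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_networks(scan, trusted_ssid, trusted_security):
    """Return (ssid, security, reasons) for every network that needs a second look."""
    want = normalize(trusted_ssid)
    findings = []
    for ssid, security in scan:
        reasons = []
        if security == "open":
            reasons.append("no Wi-Fi encryption")
        name = normalize(ssid)
        if ssid == trusted_ssid:
            if security != trusted_security:
                reasons.append("right name, wrong security setting")
        elif want in name or edit_distance(name, want) <= 2:
            reasons.append("name imitates " + trusted_ssid)
        if reasons:
            findings.append((ssid, security, reasons))
    return findings

# Constructed scan results: (network name, security type).
SCAN = [
    ("CornerCafe", "WPA2"),
    ("CornerCafe", "open"),
    ("C0rnerCafe", "open"),
    ("Corner Café Free", "open"),
    ("Library-Public", "WPA2"),
]

if __name__ == "__main__":
    for ssid, security, reasons in review_networks(SCAN, "CornerCafe", "WPA2"):
        print(f"{ssid!r} ({security}): " + "; ".join(reasons))
```

Three of the five constructed entries are flagged, including one that carries exactly the right name but no encryption, which is why checking the name alone is not enough.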

Man-in-the-Browser and Financial Transactions Security

Online banking makes paying bills and transferring money easy and fast.  But are you sure that you are protecting yourself and your money?  What would you do in the “real world”?  First, you would want to make sure you were really at the bank, and that it is open.  You  would want to hand your checks and money to an official teller and get receipts of all of your transactions.  In addition, you would probably get fairly suspicious if someone were looking over your shoulder or if you had to conduct your business through a third party (not someone who works for the bank).  You would be wise to ensure that your records were accurate and that no one was stealing your signature or banking documents.

If we are going to take advantage of the benefits of online banking, we need to translate those practices into the virtual world.  First, you should have a unique and strong  password for your banking account.  If you are not sure how to get a strong password, look at my previous post on the topic.  Second, you should avoid using a public computer for your online banking because it might have installed software to log your keystrokes or to remember your passwords without your permission.  Third, you should keep information about your account and password quite secret.  Fourth, of course, you should always be running up-to-date virus protection and malware protection to ensure that your computer is doing what you intend.  Your bank may have additional software and/or devices that provide additional security for your transaction.  Fifth, you must update your operating system and browser as recommended, especially if you use Windows and/or Internet Explorer.  Both products have features that are often

Even if you follow safe computing practices, you may still be at risk thanks to a new kind of trojan (similar to a virus) that might have infected your computer,  called a “Man-in-the-Browser” (or MitB) trojan.  The trojan is a piece of software that does not install itself on your computer, but rather installs itself as an add-on program within your browser, without your knowledge.  What happens is the MitB alters what the user and the bank see during the transaction.  So, for example, the bank does not get correct information about how much money to pay a vendor, and you do not see how much money was actually reported.  In fact, it might transfer money to another account and you might not be aware that it happened.

Your virus protection examines all of the software on your computer by comparing it to known problems or peculiar behavior. Just as police officers use fingerprints and now DNA samples to compare to evidence at the scene of a crime, your virus protection compares strings of computer programs to those known to be viruses, malware and trojans. If those do not identify the perpetrator of the crime, the police look for people who are behaving strangely. Likewise the virus protection examines programs for unusual activities, like replicating themselves, growing quickly, or accessing a number of services on the computer. Generally these strategies work well. However, MitB trojans are particularly difficult to detect since they change their appearance and behavior tens of thousands of times each day. A particularly good (and easy to understand) description of this phenomenon was aired on BBC News. Since they are hard to detect, it might take some time before your virus protection understands that there is a problem and by then it might be too late.
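The two checks described above, and the gap between them, as an added sketch that is not taken from any antivirus product or from the original post. A file hash stands in for the "strings" comparison, and the sample bytes, field names and thresholds are constructed assumptions.

```python
import hashlib

# Constructed, harmless byte strings standing in for browser add-on files.
KNOWN_BAD = b"addon build 1: placeholder bytes of a catalogued trojan"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Assumed thresholds for the three behaviors the text lists.
MAX_COPIES, MAX_GROWTH_PCT, MAX_SERVICES = 0, 50, 5

def signature_match(sample):
    """'Fingerprint' check: is this exact file already in the catalogue?"""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES

def behavior_flags(observed):
    """'Acting strangely' check on what the program was seen doing."""
    flags = []
    if observed["copies_made"] > MAX_COPIES:
        flags.append("replicates itself")
    if observed["growth_pct"] > MAX_GROWTH_PCT:
        flags.append("grows quickly")
    if observed["services_used"] > MAX_SERVICES:
        flags.append("uses many services")
    return flags

def scan(sample, observed):
    """Return (verdict, detail), trying the fingerprint first, then behavior."""
    if signature_match(sample):
        return ("known threat", ["signature"])
    flags = behavior_flags(observed)
    if len(flags) >= 2:
        return ("suspicious", flags)
    return ("not detected", flags)

NOISY = {"copies_made": 3, "growth_pct": 120, "services_used": 9}
QUIET = {"copies_made": 0, "growth_pct": 2, "services_used": 1}
VARIANT = KNOWN_BAD + b" #rebuilt"  # same program, one changed detail

if __name__ == "__main__":
    print(scan(KNOWN_BAD, QUIET))  # caught by the fingerprint
    print(scan(VARIANT, NOISY))    # fingerprint misses, behavior catches it
    print(scan(VARIANT, QUIET))    # both miss: the hard-to-detect case in the text
```

The last case is why the warning signs and the call to the bank that follow still matter even with protection software running.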

There are some warning signs for this kind of problem.

  • If it takes your computer longer to process requests
  • If your financial transactions take longer than normal
  • If you are asked for more information than normal during your financial transaction, especially if you are asked for passwords or sensitive information such as social security numbers.

What do you do if you experience one or more of those symptoms?  You should call your bank as soon as possible and give them the date and time of the transaction.  Do not email your bank because the same software that interferes with your financial transaction may interfere with the sending of the mail.  Your bank may have monitoring software that catches and disallows unusual transactions to protect you, so you may not have a problem.   If you do, you will need to rely upon your bank’s policy as to how much you are responsible.