Using an unsecured WiFi signal

Reply Fri 13 May, 2011 06:49 pm
The fact is, if you lost money because of SSL, you would damn well report it.

Yet another assertion. It assumes people would know in which way they had been compromised, or that the banks do. Password-based fraud is simply 'fraud' as far as both of those groups are concerned. Payment card fraud runs about 8 billion a year from what I see. How much of that total is from this? Who can say?

If you disagree, tell me this: If I were to find false charges on my CC, or money missing from my account, how would I know that an false SSL attack was the culprit, in order to report it?

To answer your other question, yes - driving to Starbucks is a dangerous thing to do. One must undergo training and practice in order to be licensed to engage in this activity. I totally agree with your point that, given proper training and education, it would be much less dangerous to engage in such activities; but I don't see that happening anytime soon, and so don't recommend that people engage in these behaviors. If for no other reason than the one I mentioned earlier - would you notice if your site wasn't using SSL? Every time? I don't know if I would, let alone someone who doesn't know much about computers.

As for me, I do not work in the security industry per se, but managing the risks taken - including maintaining credit card and banking security procedures -for a large group of people is a large part of what I do at work.

Reply Fri 13 May, 2011 07:20 pm
I think you are being ridiculous. You probably got the $8 billion figure from this summary of an article that neither of us paid to read in its entirety. Even that article said "biggest category" in the $8 billion figure was people who bought something and then committed fraud by not paying for it. I googled for credit card fraud. Lots of articles list the top reasons for fraud-- none of them list password fraud (which I suspect that this because the numbers are much lower).

Anyway, this discussion is getting silly.

My professional opinion is that SSL over an unprotected network is safe for any practical purpose. I do agree that people should educate themselves on how to use the technology safely. However, this education can be had in 5 minutes because modern browsers are designed to make security easy. The biggest part of the education is to show someone a security dialog and tell them to take these things seriously.

Most people who have expertise in this area agree with me. Of course, the reader can choose to accept my opinion or not.

But with all of the banks now feeling perfectly comfortable to offer their services over mobile devices and advertise them, it seems a little backwards to let fear keep you away from a modern convenience that millions of Americans use without any problem.

But I suppose if you want to let your fear of a technology keep you from using it, it isn't my problem.

Reply Fri 13 May, 2011 11:07 pm
Do you do security for banks?

My firm does.... and you're way too trusting.

Reply Sat 14 May, 2011 06:55 am
The banks don't seem too worried to me.

0 Replies

Related Topics

Recording Detector - Question by gollum
Bad picture on my Sharp LCD TV - Question by hydroplant
LCD TV. Help! - Question by kolinos4
iPhone vs Android Platform - Discussion by Seed
p3 or 360 and why - Question by XxGWOPBOYZxX
Post your latest gizmos - Discussion by Chumly
IPOD OR ZUNE HD? - Discussion by detroittou
Giving up my iPod for a Walkman - Discussion by djjd62
Digital audio in your home sound system - Question by hingehead
Copyright © 2020 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 08/06/2020 at 07:48:27