cube_rat
wab said: Well, there's security and there's paranoia.
Ms. Paranoia here...
wab said: Well, there's security and there's paranoia.
cube_rat said: Ms. Paranoia here...
El Guapo said: Obviously not that simple, but then again I had 20 seconds to put it in.
Why in the world would I have a need to look at my ever-changing Vanguard numbers at any place other than at home where it is as safe as it can be?
mja said: Yes, not quite that simple. In your example the MITM would have to have an SSL certificate for www.vanguard.com that's signed by someone your browser trusts. That's no easy task, and I have no recent memory of any of the root CA keys being compromised.
It's not impossible of course, but the probability of this attack is low enough that I don't generally worry about it.
Hey, those coffee shop employees have to supplement their income somehow. The Starbucks stock options at their compensation level won't do it.
El Guapo said: But we do live in a wonderful environment of security by obscurity and lots of people with better things to do with their lives. That's helpful to people who won't spend a few dollars, take a few minutes of time and employ a few common sense rules to keep their identity and information safe.
El Guapo said: Being able to fool a laptop in that controlled fish bowl to think it was talking to vanguard with all the right stuff is not trivial but not that complicated either. Not something anyone would likely bother to do since the most fun thing they could do with your info is sell all your holdings and have a check sent to your house.
lazygood4nothinbum said: for those frequently on the road, could an institution set up a system whereby you utilize a username and password to see your accounts on a read-only basis without being able to access them online, but then you call in and manipulate your accounts either by voice or a touchtone phone? would that add a layer of security or am i just being unbelievably paranoid?
I've heard that story told as a "portable ATM".
El Guapo said: Some Russian mob dudes (allegedly!) around here came up with a pretty funny MITM. They made up their own credit card boxes, stuck them on over the gas pump's credit card slot in the wee hours of the morning, then came back the next day and pulled them off. In the meanwhile hundreds of people stuck their credit cards and ATM cards into the bogus stuck on slots and had their #'s and pins swiped.