2 questions about online security

[Don Rob]

I use web sites to pay some of my bills, and do other things. I'm wondering if changing the IP address, your ISP gives you, helps
with this? It seems to me like it might, but I don't know for sure.

When you call a company with a web site, they always claim it's
very secure......I have my doubts however.

Another question is, are the free e-mail services like Excite, Hotmail,
AOL and Inbox.com. Are they safe, sense after paying a bill, that's
were the confirm goes. I realize there are many free e-mail sites. They
all claim to be safe. But, when you are not paying anything for them,
I just wonder. I know enough not to use passwords like abcd...

I don't ever pay bills, while at an RV Park. I don't use WiFi at all. Not
that it is not secure, I just have never done that. I set-up all necessary
payments in advance of going some place. RVing or any other travel.

I just wonder if my fellow RVers have ever had any trouble? I never
have had any as a result of online transactions. A credit card number
was once compromised, but not because of use online. Anyway, I'm
just a wondering.

[garym114]

Transactions on the web should always be through a secure web page, lock symbol on address bar of your browser. That is secure. Changing IP address just changes your address, that's all.
I still use my service providers PC based email. for business.

[sdennislee]

Use an Anonymizer program for enhanced security.

Hide IP and Anonymous Web Browsing Software — Anonymizer

[ljr]

Quote:

Originally Posted by garym114 Transactions on the web should always be through a secure web page, lock symbol on address bar of your browser. That is secure. Changing IP address just changes your address, that's all. I still use my service providers PC based email. for business.

Agree, plus assume every unencrypted email through any server is as secure as something displayed on a public billboard. There are many opportunities for many people to grab a copy of an email as it goes across the internet. They can be encrypted but that requires some setup on both ends that most haven't done.

[Wayne M]

Well, first, you "don't use WiFi at all" raises your security level. Using DSL makes it considerably harder to intercept any of your transmissions.

As stated, Look for the lock icon in the browser you are using. The server should be using SSL, so you will see the URL change to HTTPS: So with that, I really would not worry.

There are two forms, HTTPS, and S-HTTP. The HTTPS has become the defacto standard. S-HTTP does not secure the "POST" fields, whereas HTTPS wraps the entire communications in SSL.

Let me ask this. Do you ever use a cordless telephone, or your cell phone to do commercial business? Those are more at risk of being intercepted than HTTPS communications. Even the old standard wall phone can be intercepted. There are no "two wire," going from point a to point b, but a network of communications towers. Any one with the right equipment can sit under a tower and intercept communications that are not encrypted. And for the encrypted ones, well, they could intercept them, but then the have the added problem of decrypting them.

JMHO from an old SIGINT man.

Try this: https://irv2.com
then try this: https://yahoo.com
Then go to your favorite financial site and log in and look at the URL (and lock symbol)

[HD4Mark]

Quote:

Originally Posted by Wayne M Even the old standard wall phone can be intercepted.

I was a phone man for 32 years. You can't believe how easy it is to listen in on a wired phone line. It doesn't happen to often though. Any time we found evidence of wire tapping it was immediately reported to corporate security and they contacted the authorities. Sometimes they were legit but we were never told. If you were told to leave it alone that answered that.

FWIW I don't think the newest version of Firefox has the padlock icon on the bottom any longer. You can see if it is secure by looking at the address bar though. We have paid bills and managed our bank accounts for years over the internet without any problems BTW.

[Wayne M]

Hey Mark,
I wasn't talking about hard wire, I could do it with electronic equipment sitting under a microwave tower. That way I could select the conversation being multiplexed at will.

But you are absolutely correct. Wiretapping is easy if you don't get a court order.

The same can be said for the Internet, but the price of the equipment is very steep. The typical crook will not go to that extreme. If he can't hack in easily he will just pass on by.

[GaryKD]

Hi Don Rob,
The previous posts provide some technical info about Internet security. I was in the business 14 years before retiring in 04. I ran a mega million dollar Internet business. For you and me the bottom line is forget about it. As long as the browser you use shows you are using one of the previously mentioned technologies you can feel safe and sleep at night.

I use all kinds of wireless networks. The site you are communicating with has set the security with your browser. I could care less if the network is "secure". If anyone grabs a secure transaction, they can't do anything with it. So, as long as the bank, broker or other secure site has established a secure protocol with your browser, feel free to use any available network.

As to the network based email services, I prefer not to use them. I prefer to use P/C based email. This means when my P/C email program (i.e., Outlook) is launched, it will contact the network email server and receive my email. My email is securely stored on my P/C. This is also true for my address book, etc. All the host email does is store yet to be received emails and a send server for those emails I send. All my stuff remains with me, in my command and control.

[Bubwheat]

I would only add that I do not use debit cards online at anytime. They do not have the fraud protections that credit cars do. I do all of my financial transactions online, rarely see any cash, and have not had any problems in doing so.

[Don Rob]

I agree about not using debit cards. And with the ease of tapping regular
phone lines and wireless as well. My understanding is that wiretapping is a
federal felony, that is enforced by the FBI. So, criminals don't use that MO. But, any of the 3 is still possible. I feel it's just best to keep an eye
on bank, brokerage, mutual fund and credit card accounts.

If they are some how gotten into, then you can inform the organization
and they will put a stop to it. I think it's also a good idea to check your
credit once a year. See what's going on. When you move make sure all
the necessary organizations are given your new address.

I think ID theft has been overblown by the media, but if it happens to
you, then you may I suppose feel very different.

When going out to dinner, when you give the waiter your credit card,
they then dissapear for 5 to 10 mins. That's when they could copy down
some of the card info, like the 3 numbers on the back of the card.
So, I try and avoid that situation. I like to make sure my card is only
swiped once. When going out to eat, which a lot of people do while RVing.
I know this is just common sense, but many people never think about it.

[wa8yxm]

There are several things that affect on-line safety.. A whole lot of them include the word "YOU" as in.. well, YOU.

When you contct a site that deals with financials you might notice that it is usually HTTPS:// something or another. The S stands for "Secure" How secure I do not know but your computer and the other computer negotatite a pass code that is valid for that session only How this is done I do not know and I suspct it's not always the same way.. Is it breakable.. of course, however odds are small less you are a known target (IE: Bill Gates). Still it happens.

As for E-mail.. That is a common infection vector for YOUR comptuer, E-mails for years have often been infected.. Now if you have good A/V software, it will usually discover the infection and "Quarenteen" it before it bothers you.. Likewise many Firewall programs now scan incoming E-mail as well.. Still WEB mail (most all the free services you describe) is kind of nice.

First, you can go to any computer and check your mail.. Same as your primary computer (I use 3 different ones here in the Motor home just now)

Second, the infeciton, never sees your computer.. I mean I once tried to download a known infected file from the web mail service I use.. Gave up, too many layers of "Are you SURE you want to do this ill advised thing" messages. I gave up.

(I had just made a full back up of my comptuer so worst case I was 1.5 hours from clean, and I wished to see how my A/V sotware would deal with it.. but it was just too much work to find out).

But basically your security depends on you.

Visit hot.hot.hot.xxx.whatever and odds of your security being comprimised approach 100%. (just as an example of what NOT to do) Stick with legal sites, your odds of infeciton are...... Lower.

[M2HB]

Quote:

Originally Posted by Wayne M JMHO from an old SIGINT man.

NSG? AFSS? ASA? INSCOM? NSA? I'm guessing NSG from your icon. ASA here. 1970-1974. Where in Texas are you? I'm in Arlington.

mdh

[Wayne M]

MDH,
NSG but we were Marine Support Battalion. In 67 I attended the NMCA course at Fort Devens. I'm close to Galveston.

Gary,
x2 on PC based email. I have the ability to run 3 computers, two when on the road. the nice thing about PC email clients is that you can download the email, disconnect from the interent, take the laptop to the laundry, etc., read and reply to email, and when you reconnect all your replies are sent. I also leave a copy on the server for a period of time so that if I switch computers it downloads the email to that computer.