Sunday, January 5, 2014

What's the safest way to do my online banking: over a wired connection, powerline networking or Wi-Fi?
The answer doesn't matter as much as you might think, but asking the question does mean you're approaching your online security in the right state of mind.
Overall, a wired ethernet link is more secure than either Wi-Fi or powerline networking, in which the electrical wires in your home carry Internet data. To compromise an ethernet network, an attacker needs to get into your house and plug in a laptop, while Wi-Fi signals go beyond your home and powerline networks can leak information to adjacent dwellings.
Both Wi-Fi and powerline setups come with encryption options to scramble data flowing over the network; once you switch them on, an attacker would need to know the password to break in. But Wi-Fi's obsolete WEP encryption can easily be defeated — and is still presented as a valid option in routers' setup routines.
Furthermore, if you leave a router on its default administrative password, somebody who connects to your network can also monkey with the router's settings to redirect your traffic to rogue sites. For much the same reason, you shouldn't automatically trust third-party wireless hot spots.
Financial sites use encryption of their own to scramble data flowing to and from your computer — as reported by your browser with a lock icon in its toolbar that, when clicked, should display an info sheet including the bank's name — and that should almost always outweigh the security of your local network.
(A determined attacker could defeat a bank's login security by persuading a user to connect to a router running malware that subverts this encryption, but this seems to have been a theoretical exercise to date.)
Your local network, however, makes up only one part of the "attack surface" of online banking, and it may not be nearly as profitable as two others: your computer and your mind.
If an attacker can get a keylogger on your computer to record your keystrokes, the strength of your bank's encryption and the complexity and novelty of your password won't matter at all — each tap of the keyboard will have already been recorded and transmitted.
That's why it's important to keep up with security updates for both your operating system and your browser (if you haven't disabled Oracle's vulnerability-prone Java Web plug-in, now would be a fine time to do so).
And if an attacker can fool you into typing your username and password into a phony site by sending you a phishing e-mail, your security-fix fastidiousness won't matter either.
You can thwart phishing attacks with the extreme measure of using a separate computer for online banking and nothing else (recommended at a panel on identity theft that I moderated earlier this month) or the lesser step of throwing a Linux LiveCD into your regular PC and booting off that for online banking sessions isolated from your usual software. But it's just a little easier to remember this basic rule: Never log into a bank account by clicking on a link sent in an e-mail.
If you're not sufficiently depressed about the state of financial security online, Target's massive credit-card breach — apparently executed by exploiting the retailer's in-store systems — offers a reminder that many account compromises happen in places we can't control.
And the best way to watch for them is to monitor your account for unusual transactions — which means you should do more online banking, not less.
Many major sites, from Facebook to Google to Microsoft to Yahoo, now allow "two-step verification" to protect users' logins from the loss of a password. That option requires users to vouch for all logins, or only those from strange computers or locations, by typing in a one-time password sent to their phone via text message or to a specialized app like Google Authenticator.
Most financial institutions, however, have yet to tune in to this trend. There's Bank of America's SafePass, CitiBank's identification codes Ally Bank's Security Code, and not much else. But if your bank offers this option — which may require looking around its site — you should enable it right away. And if it doesn't, you might want to ask why.

8 comments:

Anonymous said...

Romanian MPs voted on Tuesday a series of changes to the Penal Code that would boost their immunity in case of corruption charges. The vote, which prompted media to call it "The Black Tuesday" of Romanian democracy, sparked a series of harsh reactions from Western embassies and international institutions on Wednesday. "This move by the Parliament is a step away from transparency and rule-of-law and is a discouraging sign for investors", said the US Embassy to Bucharest in one of its harshest positions on Romanian events for years.

Anonymous said...


A few years ago, I started a very informal entrepreneurs’ club for founders of fast-growing “mid-market” businesses (with a somewhat arbitrary £10m turnover threshold).


There are about 20 of us, ranging from Innocent to Quintessentially, JoJo Maman Bébé to Leon, Moonpig to advertising agency Mother, YouGov to Holiday Autos.


While plenty of bodies readily lobby for entrepreneurs, few are led by people who have grown a business themselves. And so, at our last gathering, we discussed what we thought government could do to help companies like ours flourish. The answers were surprising.


No one cited lack of credit or had experience of really unhelpful banks.

Anonymous said...


Heavy snowfall snarls travel in US north-east as temperatures plummet

Boston snow Thousands of flights cancelled and schools closed as some towns see more than two feet of snow and frigid temperatures

Anonymous said...

Wet blanket time: who is this article aimed at?


"We have done interviews over Skype, and they've arrived the next day."

This is great, but then we get

The influx of young well-paid non-German speaking people

Another advantage of Germany, of course, is that there is no minimum wage and young graduates often work for years for a pittance.

Well.paid non-Germans are unfortunately always individuals, never influxes.

Who are we trying to kid here?

Anonymous said...

My place is in the middle of Kreuzberg and I get a lot of english speaking people passing through. There are a few reasonable earners, mainly those who can work online. Well paid jobs apart from that are extremely rare and the start up industry is so focussed on apps that very few succeed and the ones that do don't generate much income for Berlin. Noteworthy that here in the most 'gentrified' of districts, commercial rents haven't altered much whilst flat rents have soared driven by tourist demand.
In other words the economy is still bad and the main opportunities are in doing intern work for close to zero.

Anonymous said...

Don't be fooled - I moved to Berlin a year ago to work a start-up job. Yes, it's cheap and if you like going out at 2am to smoke-filled bars and clubs, then go nuts. The startup I worked for went under, making 200 people from 23 different countries redundant.

I always felt like an outsider in that I was the only one of my friends with a job that paid well. Everyone else was a 20-30 something failed artist/poet who were running away from their problems elsewhere, hiding in their 200€/month rooms because it was deemed 'acceptable'. The fact is, it will never be a London or a Paris and getting a job is nigh-on impossible if you don't speak German. In many ways, it's an empty shell of a city with actually not that much to it.

I loved Berlin, and I was so, SO lucky to have the opportunity to work and live there but seeing as I'm not wide eyed and 23, I have no desire to return.

Anonymous said...

Actually I go fairly regularly. Berlin has a lot of open plots with pocket parks playgrounds etc that would not exist due to commercial pressure in Manhattan and probably not London either. Most of the city is not built very high either, so there are tons of buildings that can be built upward or replaced.

Plus compared to many cities berlin has outstanding public transportation coverage in terms of the reach of the s-bahn, metro, trams and buses combined. Again people in Berlin take this for granted but IMO the coverage is very impressive.

I concede the prices for renting an apartment are higher than mentioned in the article, but I do think both rental prices and purchase prices for berlin real estate are low for what is the capital city of Europe's economic power house and also a major cultural and historic center in Europe. High compared to Berlin of 5-10 years ago, yes - but actually low in that wider perspective.

Take a walk around Manhattan or even Brooklyn and you will see berlin in a completely different light. I think it is not even scratching the surface of where it could be in terms of real estate value and certainly urban density.

Anonymous said...

The ordinary Berliner are traditionaly quite suspicious outsiders, one reason for the spate of car fires in Kreuzberg and other districts, and this trend of incoming non German speakers will most likely inflame local v. outsider resentments . Another side effect of the start up 'boom' is it's attracted lots of professional hackers who set up in disused apartments and abandoned industrial buildings, many of which are left empty becuase of Germany's bizarre laws on renovation that means its often more lucrative for landlords to leave them empty then rent them out.

It's true that many Germans speak English, but very few speak it well, let alone fluently, and most end up learning a kind of bastardised pidgeon business English full of imported americanisms and managementspeak.