Is stock trading via Wi-Fi hot spots secure ?

Discussion in 'Computer Security' started by abc, Oct 17, 2003.

  1. abc

    abc Guest

    As soon as you established secure connection
    it **seems** it is secure.

    But may be it just seems ?

    Can the owner of hot spot somehow trick your security ?
    Can in principle someone who may intercept
    wireless signal do the harm?

    Thanks
    abc, Oct 17, 2003
    #1
    1. Advertising

  2. abc

    Kevin Guest

    Given the time, resources and ability, anyone can intercept your
    transactions. I don't do any wireless online trading myself, but I have a
    couple of friends who are professionals and they have some very aggressive
    security software that they run. Your transaction is just as vulnerable
    after it arrives at your brokerage. Think about how you use your credit
    card for example. When you give your card to a clerk to process a purchase
    and they take the card out of your immediate presence, your card number can
    be copied in seconds. An enterprising thief at the brokerage can get access
    to the trades and do whatever they want with the information. Be careful.
    Use security software. Make double sure that you are on the secured site
    for trading.

    "abc" <> wrote in message
    news:t7Xjb.12650$...
    > As soon as you established secure connection
    > it **seems** it is secure.
    >
    > But may be it just seems ?
    >
    > Can the owner of hot spot somehow trick your security ?
    > Can in principle someone who may intercept
    > wireless signal do the harm?
    >
    > Thanks
    >
    Kevin, Oct 17, 2003
    #2
    1. Advertising

  3. abc

    Peter L Guest

    "abc" <> wrote in message
    news:t7Xjb.12650$...
    > As soon as you established secure connection
    > it **seems** it is secure.
    >
    > But may be it just seems ?
    >
    > Can the owner of hot spot somehow trick your security ?
    > Can in principle someone who may intercept
    > wireless signal do the harm?
    >
    > Thanks
    >


    Why would someone try to harm you? Are you trading millions? Are you bin
    Laden's financial manager? Think about it.
    Peter L, Oct 18, 2003
    #3
  4. abc

    Mark Mathu Guest

    "abc" <> wrote in message
    news:t7Xjb.12650$...

    > Can in principle someone who may intercept
    > wireless signal do the harm?



    In principle, yes.


    If a person intercepts the signal they can do harm.
    That is a no-brainer.
    Mark Mathu, Oct 18, 2003
    #4
  5. In article <t7Xjb.12650$>,
    says...
    > As soon as you established secure connection
    > it **seems** it is secure.
    >
    > But may be it just seems ?
    >
    > Can the owner of hot spot somehow trick your security ?
    > Can in principle someone who may intercept
    > wireless signal do the harm?
    >
    > Thanks
    >
    >



    "what if"

    what if someone setup a "wireless hotspot" to get people to use it...
    fine.. you're now using their hotspot.... say they block all outbound
    connections, other than http... and folks go ahead and resort to using
    http links rather than VPN or https links to say "trade stocks"... or
    visiting webmail sites, etc. "what if" they "man in the middle" and
    allow https? are you confident you know how to detect such activity? are
    you sure they're not sniffing everything passing through their
    network(s)? I mean, it's theirs, they're allowed to sniff whatever they
    want to sniff.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Oct 18, 2003
    #5
  6. abc

    704set Guest

    I remember in the old days when you would buy gasoline. The kid would run
    your credit card through that thingamajig were he would pull the handle over
    the slip to get an impression. He would come out, hand you the card and the
    2 part copy to sign. What you didn't know is he ran off about 6 slips
    inside the station to use later for himself.


    "Kevin" <> wrote in message
    news:...
    > Given the time, resources and ability, anyone can intercept your
    > transactions. I don't do any wireless online trading myself, but I have a
    > couple of friends who are professionals and they have some very aggressive
    > security software that they run. Your transaction is just as vulnerable
    > after it arrives at your brokerage. Think about how you use your credit
    > card for example. When you give your card to a clerk to process a

    purchase
    > and they take the card out of your immediate presence, your card number

    can
    > be copied in seconds. An enterprising thief at the brokerage can get

    access
    > to the trades and do whatever they want with the information. Be careful.
    > Use security software. Make double sure that you are on the secured site
    > for trading.
    >
    > "abc" <> wrote in message
    > news:t7Xjb.12650$...
    > > As soon as you established secure connection
    > > it **seems** it is secure.
    > >
    > > But may be it just seems ?
    > >
    > > Can the owner of hot spot somehow trick your security ?
    > > Can in principle someone who may intercept
    > > wireless signal do the harm?
    > >
    > > Thanks
    > >

    >
    >
    704set, Oct 18, 2003
    #6
  7. abc

    Beoweolf Guest

    If you want a free ride, then you have to accept some risks. I find it
    totally unfathomable that someone so concerned about personal security would
    even think using a "hot-spot" is an option! Most secure sites run HTTPS or
    SSL, you could see if they will accept a VPN connection. Still an
    unregulated wireless node is nothing but a consumer honey pot, no more or
    less that registering for free information or prizes...how do you think they
    can afford the "free" service? Think about it.

    The real issue is in how the user thinks about security and the worth of
    privacy. It is "possible" to contravene almost any public encryption
    technology, matter of fact it's the law (de facto, covert or actual
    law...it's still possible for "authorities to record and eventually decode
    everything passing through the internet).

    "abc" <> wrote in message
    news:t7Xjb.12650$...
    > As soon as you established secure connection
    > it **seems** it is secure.
    >
    > But may be it just seems ?
    >
    > Can the owner of hot spot somehow trick your security ?
    > Can in principle someone who may intercept
    > wireless signal do the harm?
    >
    > Thanks
    >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.528 / Virus Database: 324 - Release Date: 10/16/2003
    Beoweolf, Oct 19, 2003
    #7
  8. abc

    Lem Lo Guest

    If you are connecting to an online trading web site, you are probably
    using HTTPS and any data sent/recieved is safe. I do not trust wired
    connections any more than wireless ones.. WEP or no WEP.
    Lem Lo, Oct 19, 2003
    #8
  9. "abc" <> wrote in message
    news:t7Xjb.12650$...

    > But may be it just seems ?


    You have at least two problems:

    When you connect to a WiFi hotspot you are on the same local network as the
    other users.

    Embedded deeply in the design of the network interfaces and protocols are
    *the assumption* that a local network segment is physically secure, as
    opposed to f.ex. the Internet, and therefore information can both be shared
    freely and trusted.

    This is sort of true with wired nets because they are inside a building
    f.ex., however with WiFi anyone who has the WEP for the network key can
    connect - in a WiFi hotspot there will be no WEP key allowing everybody and
    his dog access - and to top it up *there are tools* to break the feeble WEP
    encryption....once that is broken *there are also effective tools to break
    into the computers on the network*.

    Secondly, the WiFi interface in your PC will be listening for hotspots to
    connect to - A.N. Cracker may have configured *his* PC+WiFi card to be such
    a hotspot....there are of course software for that too!


    > Can the owner of hot spot somehow trick your security ?
    > Can in principle someone who may intercept
    > wireless signal do the harm?


    Suppose I advertise myself as a Gateway/Router to the internet instead of
    the WiFi hotspot. That means that your data will go through my computer.

    My computer & I know how to look for DNS requests. I also know that people
    often use Ameritrade, so whenever someone asks for "www.ameritrade.com" I
    hijack the DNS lookup and reply with my own special IP address at some
    server which will present you with the proper Ameritrade look & feel -
    'cause I ripped their site - except that when you try to logon I will steal
    your password and fail the logon with an apropriate error.

    So that you will not become suspicious, I will then keep a list of victims,
    so when your Ameritrade login fails and you try again, I will forward the
    proper IP address for Ameritrade this time and you can log on and be happy.

    For a while ;-)

    If I am the owner of WiFi access point this would be trivially easy to
    implement...but the only downside to the cracker in not owning the WiFi
    hotspot is degraded reliablity; he may not get all datagrams.

    The only thing preventing this is that I also need copies of the encryption
    key files stored on your computer - however there are tools for acessing
    disk drives too! Even *if* you have a firewall installed on your PC, which
    most people don't , I think I could probably get them with a little work.


    Of course you may face the same security risks on a telco-provided network
    if you share a wired network segment with other users; f.ex. the networks
    provided in appartment buildings are often configured as local segments. If
    you have an ADSL connection, you usually will have a router at your end with
    the insecure local segment being the wire from the router box to your PC.
    This is probably Ok ;-)

    Hope this helps.
    Frithiof Andreas Jensen, Oct 20, 2003
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. STOCK TRADING

    Stock Trading Secrets Revealed

    STOCK TRADING, Feb 28, 2008, in forum: Digital Photography
    Replies:
    0
    Views:
    560
    STOCK TRADING
    Feb 28, 2008
  2. STOCK TRADING

    Stock Trading Secrets Revealed

    STOCK TRADING, Feb 28, 2008, in forum: Digital Photography
    Replies:
    0
    Views:
    527
    STOCK TRADING
    Feb 28, 2008
  3. Replies:
    0
    Views:
    580
  4. gabriela2
    Replies:
    6
    Views:
    2,534
    gbaxtin
    Aug 1, 2010
  5. STOCK TRADING

    Stock Trading Secrets Revealed

    STOCK TRADING, May 15, 2008, in forum: Digital Photography
    Replies:
    0
    Views:
    519
    STOCK TRADING
    May 15, 2008
Loading...

Share This Page