[lug] How do you keep your passwords safe while Paying bills and Day Trading at Work?
nate at natetech.com
Mon Oct 6 21:39:30 MDT 2008
Stephen Queen wrote:
> I, myself would not do personal financial transactions on a company
> computer over the company network. That would be showing a lot of
> confidence in your company IT staff that they may not deserve.
More than, say ... a poor telecom worker anywhere along the line? :-)
The network part is simple, all of those transactions are SSL-enabled,
or better be.
The company computer part -- I agree with in general.
They could have screen capture/savers, keystroke loggers, etc... all
with implicit permission of the employee via policy -- "Everything may
Taking that out to the logical end though, since most companies won't
allow "rogue" laptops or other devices on their networks these days...
Means you better be packing your own mobile data card and laptop if you
have to make financial transactions during the day for any reason.
And thus... the top question: Just who do you trust?
I think your own machine on someone else's network (telco, company,
hotel next door, whatever) with appropriate encryption is as good as you
might have at home... on "your" network. It's all muxed together
Your hardware, your encryption technology, is about the best you can do.
How many older stock traders do it on analog cordless phones?
How many stock trades are placed per day on cell phones that anyone can
buy a CDMA or GSM network service monitor -- perfectly legally but then
use it to listen in with -- not legal -- for about $2000 from any test
gear supply house?
Eventually you have to trust someone, even though there's nothing worthy
of trust in any of this, long-term... the math of the encryption is
about as close as you can get to "trustworthy", and it's been shown to
have flaws before...
More information about the LUG