Headline FeedsTechNewsWorld Talkback
|
|
Re: Mobile Security: Saying Yes When You Really Should Say No
Posted by: Jack M. Germain 2009-03-20 05:49:05
See Full Story
Do you use a smarthphone to access bank and credit card accounts? How about accessing Web-based applications at your favorite social network or Web mail provider? Do you synchronize your mobile device with your desktop PC or laptop? If you answered yes to any of these questions, your are running the risk for a security breach. What's that you say? You don't have any sensitive information that anybody would want? How about your address book? Or, how about your log-on information, such as user name and password for every Web site you visit.
I’d like to offer some additional tips for protecting your data:
Web mail providers
If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP.
Many webmail service providers only use HTTPS for the login page, and then revert to HTTP. This isn’t secure. Look for an account configuration option (or a browser plugin) to ensure that your webmail account always uses HTTPS.
Wi-Fi
Wireless networks are particularly vulnerable to eavesdropping —and anyone can intercept your wireless signal unless you use encryption. If you’re using unencrypted — wireless access point, like the one at the coffee shop, you will have to take care of your own encryption using a tool like Tor (free software that helps you defend against a form of network surveillance that threatens personal freedom and privacy) .
Encryption and Password Sniffing
Use sites that employ the highest level of security through Extended Validation SSL. Denoted by a bright green url bar and is currently one of the only ways to combat the phishing scams, and completely protect your privacy.
Do not duplicate sign on information between sites and also frequently change them on a regular basis. If an eavesdropper sniffs out your login to “unsecured sites” it’s possible they will use that information to gain access to other sites using that same log in.
Web mail providers
If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP.
Many webmail service providers only use HTTPS for the login page, and then revert to HTTP. This isn’t secure. Look for an account configuration option (or a browser plugin) to ensure that your webmail account always uses HTTPS.
Wi-Fi
Wireless networks are particularly vulnerable to eavesdropping —and anyone can intercept your wireless signal unless you use encryption. If you’re using unencrypted — wireless access point, like the one at the coffee shop, you will have to take care of your own encryption using a tool like Tor (free software that helps you defend against a form of network surveillance that threatens personal freedom and privacy) .
Encryption and Password Sniffing
Use sites that employ the highest level of security through Extended Validation SSL. Denoted by a bright green url bar and is currently one of the only ways to combat the phishing scams, and completely protect your privacy.
Do not duplicate sign on information between sites and also frequently change them on a regular basis. If an eavesdropper sniffs out your login to “unsecured sites” it’s possible they will use that information to gain access to other sites using that same log in.
I’d like to offer some advice to assist in protecting your data while using your smart phone.
Web mail providers:
If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP.
Many webmail service providers only use HTTPS for the login page, and then revert to HTTP. This isn’t secure. Look for an account configuration option (or a browser plugin) to ensure that your webmail account always uses HTTPS.
Wi-Fi
Wireless networks are particularly vulnerable to eavesdropping —and anyone can intercept your wireless signal unless you use encryption. If you’re using unencrypted — wireless access point, like the one at the coffee shop, you will have to take care of your own encryption using a tool like Tor (free software that helps you defend against a form of network surveillance that threatens personal freedom and privacy) .
Encryption and Password Sniffing
Use sites that employ the highest level of security through Extended Validation SSL. Denoted by a bright green url bar and is currently one of the only ways to combat the phishing scams, and completely protect your privacy.
Do not duplicate sign on information between sites and also frequently change them on a regular basis. If an eavesdropper sniffs out your login to “unsecure sites” it’s possible they will use that information to gain access to other sites using that same log in.
Web mail providers:
If you use POP or IMAP to fetch your email, make sure it is encrypted POP or IMAP. If you use a webmail service, ensure that you only access it using HTTPS rather than HTTP.
Many webmail service providers only use HTTPS for the login page, and then revert to HTTP. This isn’t secure. Look for an account configuration option (or a browser plugin) to ensure that your webmail account always uses HTTPS.
Wi-Fi
Wireless networks are particularly vulnerable to eavesdropping —and anyone can intercept your wireless signal unless you use encryption. If you’re using unencrypted — wireless access point, like the one at the coffee shop, you will have to take care of your own encryption using a tool like Tor (free software that helps you defend against a form of network surveillance that threatens personal freedom and privacy) .
Encryption and Password Sniffing
Use sites that employ the highest level of security through Extended Validation SSL. Denoted by a bright green url bar and is currently one of the only ways to combat the phishing scams, and completely protect your privacy.
Do not duplicate sign on information between sites and also frequently change them on a regular basis. If an eavesdropper sniffs out your login to “unsecure sites” it’s possible they will use that information to gain access to other sites using that same log in.
Hey guys just a tip. If you have a G1 google phone there is a app called Adrenaline that encrypts all web traffic that leaves or comes to the phone. It also of course speeds up your web traffic! Really cool! Don't Know about other phones but I am sure there are apps out there to help you with this! Also note HTTPS (with MD5) has been broken so you will need a app to really protect you now like this one!
