security

[Guido Heumann]

Am Montag, 5. September 2005 18:06 schrieb Sean Sieger:
> Unnerved at the moment...
>
> If one financial institution I do business--well actually in my
> paranoid fantasy--someone saying they are said financial institution,
> called and while I was on the phone with them, I logged on to my bank
> account could someone 'see' me doing that? I'm telling you, the min-
> ute I was logged on, on Labor Day, I was struck with fear and just
> about hung up on the guy. What's worse is that using reverse dialing
> the area code turned out to be across the river and not on the other
> side of the country.
>
> Okay. Okay. You guys, with a default install of Hoary can someone crack
> my machine in a way that they could see me log on to my bank account
> with Firefox?

I'd say there are 3 kinds of potential risks in this scenario:

1. cracking your machine
but in a default hoary install with ubuntu's policy of "no ports open by 
default" this had to happen with a security exploit. If you updated your 
hoary machine with the latest securiyt updates, then this should be no 
problem.

2. intercepting the connection with your bank
but if you are using an encrypted connection over https (like every bank 
should be doing), this should be safe. Just don't use links to "your bank 
account" coming via email (=phishing mails)

3. fake bank server
if the caller told you an URL and you used THAT for logging in, then I'd be 
worried in your case. But you hopefully did use a bookmark to connect to you 
bank's website, didn't you? ;-)

So probably nothing to worry about. Take it as a "healthy" little shock, to 
raise your security/privacy awareness.

Guido