[lug] How do you keep your passwords safe while Paying bills and Day Trading at Work?
Chip Atkinson
chip at pupman.com
Tue Oct 7 07:34:23 MDT 2008
There is at least one product that provides a man in the middle "attack"
for monitoring web traffic for companies. Look at www.bluecoat.com.
Chip
On Tue, 7 Oct 2008, Stephen Queen wrote:
> On Mon, Oct 6, 2008 at 9:39 PM, Nate Duehr <nate at natetech.com> wrote:
> > Stephen Queen wrote:
> >>
> >> I, myself would not do personal financial transactions on a company
> >> computer over the company network. That would be showing a lot of
> >> confidence in your company IT staff that they may not deserve.
> >
> > More than, say ... a poor telecom worker anywhere along the line? :-)
> >
> > The network part is simple, all of those transactions are SSL-enabled, or
> > better be.
> >
> > The company computer part -- I agree with in general.
> >
> > They could have screen capture/savers, keystroke loggers, etc... all with
> > implicit permission of the employee via policy -- "Everything may be
> > monitored."
> >
> At the company I work at the administrators have remote access to all
> the company computers. They could easily control where the browser
> looked for the signed key for an SSL certificate then launch a man in
> the middle attack. Or at least in theory this could happen.
>
> Then there is your computer use agreement that you probably signed
> when you hired on.
>
> How many people do you know that were actually robbed at knife point
> on the street? I bet its not many. You are probably still cautious
> about flashing your cash around though. Good habits can get you
> through, even when you are unaware.
>
> http://blog.wired.com/27bstroke6/2008/09/from-riches-to.html
>
> Steve
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
More information about the LUG
mailing list