Is stock trading via Wi-Fi hot spots secure ?

As soon as you established secure connection
it **seems** it is secure.

But may be it just seems ?

Can the owner of hot spot somehow trick your security ?
Can in principle someone who may intercept
wireless signal do the harm?

Thanks

In article <M9Xjb.12651$(E-Mail Removed) >,
abc <(E-Mail Removed)> wrote:
:As soon as you established secure connection
:it **seems** it is secure.

:But may be it just seems ?

:Can the owner of hot spot somehow trick your security ?
:Can in principle someone who may intercept
:wireless signal do the harm?

It depends on how you are establishing the security. If you are using
WEP, then there is a problem. If you are using end-to-end IPSec with
3DES or AES-256, then you should be pretty safe, as IPSec is designed to
alleviate "man in the middle" attacks.

--
Feep if you love VT-52's.

In article <M9Xjb.12651$(E-Mail Removed) >,
(E-Mail Removed) says...
> As soon as you established secure connection
> it **seems** it is secure.
>
> But may be it just seems ?
>
> Can the owner of hot spot somehow trick your security ?
> Can in principle someone who may intercept
> wireless signal do the harm?

What security are you using that you fear might be "tricked"?


--
********************************************
Flatline Wi-Fi -- Un-Wiring You To The World
http://www.flatline.com
********************************************

In alt.internet.wireless Walter Roberson <(E-Mail Removed)> wrote:
> In article <M9Xjb.12651$(E-Mail Removed) >,
> abc <(E-Mail Removed)> wrote:
> :As soon as you established secure connection
> :it **seems** it is secure.
>
> :But may be it just seems ?
>
> :Can the owner of hot spot somehow trick your security ?
> :Can in principle someone who may intercept
> :wireless signal do the harm?
>
> It depends on how you are establishing the security. If you are using
> WEP, then there is a problem. If you are using end-to-end IPSec with
> 3DES or AES-256, then you should be pretty safe, as IPSec is designed to
> alleviate "man in the middle" attacks.

If I was doing nefarious things as a hot-spot owner, I'd add a nice high-res
video camera with a big zoom lens on a remote controllable mount in one of
those "security camera" domes to shoulder-surf in style.

--
http://inquisitor.i.am/ | private.php?do=newpm&u= | Ian Stirling.
---------------------------+-------------------------+--------------------------
Get off a shot FAST, this upsets him long enough to let you make your
second shot perfect. -- Robert A Heinlein.

Most of the security on the internet was designed around the assumption that
anyone can access anyone's data anywhere (since you cannot control the route
your data takes to reach its destination).

Your SSL connection to your broker is "secure" as long as it is at least
128-bit and you actually check the certificate from the server (double-click
on the little SSL secured key). For instance, you may not be connected to
your broker but someone else. However, your computer contains various root
certificates, which can be used to determine the validity of the server's
certificate. If the presented certificate looks like it should be from your
broker and is valid, then it probably is from your broker. Data that is
encrypted using a key found in the certificate can only be decrypted by the
owner of the certificate so your computer generates a random key, encrypts
it with the key specified in the certificate, and sends it to the server.
The server decrypts your random key and uses that for future communications.
This prevents man-in-the-middle attacks since you can determine the validity
of the server (unless the certificate is compromised or you do not check to
make sure that the certificate is correct) and since only you can decrypt
the server's transmissions to you (you sent the server the random key).

The main issue with wireless is file sharing. If you have this turned on
but not password protected then anyone else in the area can conceivably
access your files. In addition, if you are moving files between computers
over wireless, it may be possible to intercept this data if encryption is
not used.

There's also this issue of accessing e-mail over the web without encryption
since some people like to use the same password over and over again.

Finally, as a rule of thumb, never use Telnet or FTP for accessing anything
that should be private (regardless if you are using a wired or wireless
connection).

-Yves

"abc" <(E-Mail Removed)> wrote in message
news:M9Xjb.12651$(E-Mail Removed) om...
> As soon as you established secure connection
> it **seems** it is secure.
>
> But may be it just seems ?
>
> Can the owner of hot spot somehow trick your security ?
> Can in principle someone who may intercept
> wireless signal do the harm?
>
> Thanks
>

Should be OK as long as the site uses SSL or your trading software uses
encrypted traffic, depending on which case applies to you.

abc wrote:
> As soon as you established secure connection
> it **seems** it is secure.
>
> But may be it just seems ?
>
> Can the owner of hot spot somehow trick your security ?
> Can in principle someone who may intercept
> wireless signal do the harm?
>
> Thanks
>

"Yves Konigshofer" <(E-Mail Removed)> wrote in
news:bmqp8m$kgu$(E-Mail Removed):


> Finally, as a rule of thumb, never use Telnet or FTP for accessing
> anything that should be private (regardless if you are using a wired
> or wireless connection).

..... meaning make sure you use a client that offers sFTP (secure FTP....
CuteFTP Pro offers this) for FTP transfers, and Telnet using a client that
offers SSH....

In article <Xns94187575F5A53sonicyouth@206.127.4.10>, Good Man
<(E-Mail Removed)> wrote:
>..... meaning make sure you use a client that offers sFTP (secure FTP....
>CuteFTP Pro offers this) for FTP transfers, and Telnet using a client that
>offers SSH....

Just as a quick note, "SFTP" is not "secure FTP". It's not any kind of FTP,
because it bears no resemblance (other than the ability to transport files)
to FTP. What you may be looking for is "FTP over TLS" (which also provides
FTP over SSL), and is described in draft-murray-auth-ftp-ssl-12.txt, and
ought to be an RFC already, since it's already adopted by a large number of
client and server vendors, and the spec hasn't changed in at least a year.
For more information, and a (partial) list of supporting implementations,
visit http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | (E-Mail Removed).
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.