SoylentNews is people
SoylentNews
While waiting for ten minutes on "hold" to make an appointment with my local branch of Scotiabank, I had time read through the new "Digital Services Agreement. Most of the eighteen pages were unremarkable, but a couple of things stood out.
When you click "Accept", you are agreeing to not give your password to police if they ask!
You are responsible for maintaining the confidentiality and safekeeping of your Card, Card Number, Username, and Electronic Signature. ... These responsibilities include:
- not voluntarily disclosing your Electronic Signature to anyone else at any time, including any family member, friend, law enforcement agency, or financial institution employee;
You're also agreeing to not use "public" wifi:
(These responsibilities include:) using your own private wireless data connection, and avoiding use of public Wi-Fi services, when you are using the Digital Services;
This of course is from a bank that still refuses to allow Uppercase letters or Special characters in a password.
(Score: 2) by frojack on Thursday September 29 2016, @06:45PM
Phone apps can be quite secure. Most of them do use TLS/SSL. Very rarely do you hear of one that is being dragged through the mud in the press for not using secure communications.
And (contrary to popular opinion) the connection between joe user and the tower is a WHOLE LOT harder to hack than a wifi connection.
Firther, even a Stingray does not break TLS/SSL as long as the app is using it. (Which is why it was such a big deal to remove all the downgrade attacks from all the ssl libraries).
No, you are mistaken. I've always had this sig.
(Score: 2) by bob_super on Thursday September 29 2016, @07:03PM
Sure, but it doesn't matter how good your connection is, when most phones can be completely owned, with little work, by someone using any hack published a few weeks prior, because patching is slow at best, and typically non-existent.
The other reason I really like my BB phone is that it gets security updates. Even then, I don't consider it a safe platform for banking.
(Score: 2) by frojack on Thursday September 29 2016, @07:26PM
The actual incidents of someone's phone getting "completly owned" are vanishingly rare, in spite of the horror stories you read in the press.
Install Warze on your phone from some gray-market app store in Singapore? Maybe. Real world? Your phone is far more likely to explode in your pocket than be owned by someone in a coffee shop.
No, you are mistaken. I've always had this sig.
(Score: 2) by bob_super on Thursday September 29 2016, @07:57PM
The wonderful thing about the internet is that "the coffee shop" doesn't matter. Your phone is vulnerable to script kiddies scanning random IPs against old known bugs pretty much as soon as it's on...
(Score: 2) by frojack on Thursday September 29 2016, @08:37PM
So is every other connected device to some degree, realistically, the risk is tiny.
Funny thing is, other than early versions of windows directly to the internet, the script-kiddies are far from the most successful hackers in the world.
And as far as "vulnerable to kiddies the minute they are turned on", that just doesn't happen.
Have you actually tried to ping another phone on Cellular? Even if the owner looks up and tells you his IP and you have the same carrier connected to the same tower, you aren't going to ping it, let alone scan it.
You might be more at risk from the kiddies once you connect to wifi, but on cellular, not so much.
No, you are mistaken. I've always had this sig.