
Can bank information be extracted on a wireless network ?

A business has all Mac computers on an unsecured wireless network. The signal is weak outside the building, but it is detectable. There are about 30 employees. The owner does not want the SSID password protected. Three times in the past twelve months, only one employee has had her checking and credit card accounts compromised with a few very small irregular charges. The bank told her about keyloggers. She hasn't lost money because the bank credited her account, but the bank is also not researching the alleged perpetrators because the amounts are too small. The bank simply changes her account numbers. No other employees have had a problem, and the single employee uses her credit card (linked to her other accounts) in many locations when she's not at work.


It's unknown if she has file sharing turned on.


Can sufficient banking info which can lead to fraud be extracted from a Mac via an unsecured network by monitoring keystrokes wirelessly ?

Posted on Oct 24, 2013 6:26 PM

Question marked as Best reply

Posted on Oct 24, 2013 7:48 PM

Yes it can. Never use an unsecured wireless network for anything like that. Even an encrypted, non-trusted wireless network is vulnerable.

18 replies

Oct 24, 2013 8:12 PM in response to steve359

Not only that, if a person outside uses that wireless network for bad things, such as hacking, illegal downloads or file sharing or child - the word will be starred out - the police will come knocking on the business owner's door because they come to the owner of the wifi.


Having your network open and unsecured...it's not a matter of if it will be misused, but when.

Oct 24, 2013 8:34 PM in response to MacPcConsultant

Can sufficient banking info which can lead to fraud be extracted from a Mac via an unsecured network by monitoring keystrokes wirelessly ?


No. You can't monitor keystrokes at all over a wireless network, whether secured or not. What you can do is capture network traffic. Whether that compromises security or not depends on what the traffic is. A connection secured with IPSec or SSL, for example, is encrypted above the hardware level and will resist eavesdropping on an untrusted network.


Even on a secure network, users can capture each others' traffic.
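
The distinction drawn in the reply above, as an added example that is not part of the original thread: a passive capture yields raw bytes, and what they expose depends on the protocol carrying them. The Python below classifies the first bytes of a TCP stream; the function names, host names and sample payloads are constructed for illustration.

```python
import struct

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH"}

def extract_sni(record: bytes):
    """Return the server name from a TLS ClientHello record, or None."""
    try:
        pos = 5                                    # skip 5-byte record header
        if record[pos] != 0x01:                    # handshake type 1 = ClientHello
            return None
        pos += 4 + 2 + 32                          # handshake header, version, random
        pos += 1 + record[pos]                     # session id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
        pos += 1 + record[pos]                     # compression methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0:                      # server_name extension
                name_len = struct.unpack_from("!H", record, pos + 3)[0]
                return record[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += ext_len
    except (IndexError, struct.error):             # truncated or malformed capture
        pass
    return None

def classify_payload(data: bytes) -> dict:
    """Report what a passive observer can read from the start of a TCP stream.
    For TLS the body is encrypted; only handshake metadata such as SNI is visible."""
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:   # TLS handshake record
        return {"kind": "tls", "body_readable": False, "server_name": extract_sni(data)}
    request_line = data.split(b"\r\n", 1)[0]
    if request_line.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/1." in request_line:
        return {"kind": "http-cleartext", "body_readable": True}
    return {"kind": "unknown", "body_readable": None}

def build_client_hello(host: str) -> bytes:
    """Construct a minimal ClientHello (sample input, not a real capture)."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed samples: a cleartext form post and a TLS handshake to a placeholder host.
SAMPLE_HTTP = b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\nuser=alice&pw=example"
SAMPLE_TLS = build_client_hello("bank.example")
```
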

Oct 24, 2013 9:07 PM in response to Linc Davis

Thank you for these concerns. I'm not an employee of this business. The start post was really only asking if this person's banking information could be received to the extent that his credit card info (number, name, expiration date, and 3-4 digit security code) could be used improperly/unauthorized.


How could anyone on-site or off-site get this info wirelessly from the computer if keystrokes cannot be monitored? If the traffic is captured, in what format is that capture, and how is the banking info extracted? Banking and merchant websites used https. Isn't this sufficient to prevent theft of banking information?

Oct 24, 2013 9:19 PM in response to MacPcConsultant

Isn't this sufficient to prevent theft of banking information?


It should be, as long as the encryption keys used to secure the data in transit are secure. Compromise of banking transactions is not the real problem. The argument against an unsecured network is that it may be used by intruders for their own purposes, such as transmitting contraband data.

Oct 25, 2013 2:54 AM in response to MacPcConsultant

It may be that this particular employee's problems are happening elsewhere, but this business should still secure their network. If needed they can provide a separate unsecured gateway to the Internet for visitors to the site that isolates the business network. There are wi-fi routers that can manage such parallel services within the one box. If the business ever has any cause to handle credit card data then securing the network would form part of PCI DSS compliance.


tt2

Oct 25, 2013 3:39 AM in response to MacPcConsultant

Just to add to what has already been said, I would agree that it seems likely that that employee's problems aren't being caused by the insecure network.


You pointed out that bank traffic is encrypted, which is true. Whether on a secure or an insecure network, the data cannot be viewed by a third-party snooping on network traffic. However, if there's a flaw in the implementation of the bank site's login system, it could be possible for an attacker to gain access to the account through a form of session hijacking. This should not be the case, and I'm sure most bank sites don't have such vulnerabilities. If you're dealing with a small bank, though, that doesn't have the budget for a really decent site, that could be an issue.


I agree with others that this business network should be locked down with WPA-2 encryption. There are potential legal issues as well as security issues if it isn't secured.

Oct 25, 2013 8:05 AM in response to MacPcConsultant

Operational network security involves some knowledge and is difficult to maintain, but whoever set up the network for this business already flunked the most basic part. Who knows what else is configured insecurely here?


Ignoring the credit card data — and I suspect there's more about that than has been disclosed here — this network is ripe for sending out massive quantities of spam, for launching web attacks, and activities potentially involving content that can be considered immoral or illegal in various jurisdictions. Bad News, in other words.


While cracking WPA2 is getting easier all the time and while there are attacks against various routers available to folks within a network perimeter, that's still more work than this wide-open network.


As for the credit card activity and keyloggers, there are viable attacks against various implementations of HTTPS. Not all web sites get that right, and not all web tools get that right, and not all SSL/TLS implementations are equivalent.


A successful HTTPS attack is something an attacker probably doesn't want to give away for small amounts of cash, though. The attack itself is very valuable.


Given I suspect there's more here than just that unencrypted wireless LAN — if I were this employee and had to expose my credit card data on these networks, then I'd switch to using my own iOS device for these accesses and would switch to cellular data only for this traffic, and not expose this sort of data while connected to the wireless LAN. Not credit card data. Not passwords for various secure sites. Definitely not my AppleID. Not that the cellular data network is entirely secure, either. qv: "Stingray", et al. But cellular is still a fair bit better than this wide-open unencrypted wireless LAN.
