Am I being paranoid?

[Fiveohhh]

My sisters work requires her to take care of her timecard over the internet. The server that she goes to keep track of it first of all is a computer that the owner has at his house. She needs to enter her ss#/name/address/phone#. It has no cert, and just uses regular http. I told her it seems risky to me, but my internet security knowledge is minimal. Anyway just wondering if I'm more paranoid than most, or how big of a risk it is sending all that info unencrypted over the net is(not to mention if the guys even securing it at his house).

 

[Cook1]

Where does she work/who does she work for?

 

[jtusa]

I wouldn't do it.

 

[Hyperblaze]

Tell her to ask her boss to get ssl on the web server at the very least....

 

[George P Burdell]

Originally posted by: jtusa4
I wouldn't do it.

yup

 

[nageov3t]

I'd be more worried about her employer altering her timecard info to short her hours.

 

[n0cmonkey]

The SS# should not be used, and it should all be encrypted.

 

[Fiveohhh]

Originally posted by: Cook1
Where does she work/who does she work for?

Thanks all for the info. Just was wondering if I was being paranoid(like tin foil hat paranoid😛)

She works for some tennis league or something not exactly sure. The page she logs into to keep track of it was a real generic page made with filemaker.

 

[zimu]

not paranoid, definitely sketchy.