Jump to content

Great online money organizer!!


rodent

Recommended Posts

Quote:
Originally Posted by Morgan View Post
"Safety, security, and privacy
Yodlee is the dominant player in this industry, and the company says it is fanatical about security. All data are encrypted and stored on computers in a building at an undisclosed address. To get into the data center, employees have to go through several identity checks, including a hand scan.

Yodlee promises that it won't share personally identifiable information with third parties. On the other hand, if you sign up for aggregation service through your bank's Web site, Yodlee says it can't control what the bank does with any information it gleans. You'll have to check your bank's privacy policy."

Sounds secure, but if hackers were to target something, a website with a collection of accounts would be a good thing to target.
The security statements are kind of generic. And the reality is that, almost every company has the same risk when it comes to hosted accounts. In this situation: Yodlee hires an off-site company to host their client websites. That hosting company (like every other one out there) doesn't publish their datacenter information. They encrypt data coming into the server, and when it's extracted, it's un-encrypted.

Here's the question: What other companies use the same hosting company that Yoodle uses? Are each client on a separate server for security purposes? How does Yoodle submit their client data to the hosting company--- via encrypted FTP sites? Or does the data company get into the servers for Yoodle and extract the info in a file feed? And who all has access to the database of information from Yoodle?

The statement about security access into the host datacenter is fine, except: if someone wants the database information, are they really going to find the host location, or just hack into the servers?



I'm extremely leery of online things like this, but I also have had my identity stolen twice, and working in technology gives me a different perspective on things. I don't even keep my personal information or financial information on my PC anymore. I keep it on a disk in a safety deposit box at the bank.
Link to comment
Share on other sites

It does sound like a great service and very convenient. I do online banking for all my accounts but they are on different sites, so I figure the odds of everything getting hacked and stolen is very slim. The odds are probably slim anywhere but things happen, and if all my info was in one place and became compromised I would freak.

 

I had a Monster account and they notified me that our information (resume/contact/etc.) had been basically stolen. They have a security policy too and gave us a big "we're sorry and working to assure it doesn't happen again" but meanwhile my personal stuff was out there...and it wasn't money related but it still worried me....money related info would enrage me.

 

I just don't know if it's for me, but the idea is great in theory.

Link to comment
Share on other sites

Quote:
Originally Posted by starchild View Post
I had a Monster account and they notified me that our information (resume/contact/etc.) had been basically stolen. They have a security policy too and gave us a big "we're sorry and working to assure it doesn't happen again" but meanwhile my personal stuff was out there...and it wasn't money related but it still worried me....money related info would enrage me.

I just don't know if it's for me, but the idea is great in theory.
Along these lines too---- the automatic assumption is that someone is going to hack into the servers. But there's a much easier way that a *lot* of people out there do without and without realizing it.

I actually have a client now who is a web hosting company. One of their employees was using our software and in the process of downloading a secure document, she got a virus message and it locked up her PC.

The company freaked out: their internal security department seized her PC to start investigating. I tested our software at their request and absolutely KNEW it wasn't delivered via our software. But- they shut all their employees out of our software for 24 hours until they came to that conclusion on their own.

Long story short---- this client shared her internal IT ticket with me because they weren't telling her much. In the information they told her, they happened to mention the virus file path. So I did a little digging and discovered this particular virus was distributed via JavaScripts (which IE *heavily* depends on) in an email. The virus was coded to shut down all their firewalls and virus software and then scan all the PC's at their root directory (out of the desktop view, basically) and when it found financial information, it compiled a zip file and emailed it back to a particular domain.

Had her PC not locked up and given her an error message with a false data string (pointing the finger at our software), she probably wouldn't have known she had this virus.


These are the people who are a risk to anyone's secure information. Not the equipment---- it's the employees.




Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...