GordonThree wrote:
mike-s wrote:
GordonThree wrote:
Now the hacker can run a MITM attack against those people, injecting a fake certificate in front of a bank or credit card real certificate, and copy all the juicy details.
So, please do tell where one gets a certificate signed by a well-known (i.e. included with OS/browsers) root authority for www.mybank.com, but can't get one for www.myvpn.com.
Exactly the reason to not use open wifi networks, ever.
:R
Over the top reaction.
EVERYTHING you do contains a "risk" and a connection to ANY network (internal only or Internet facing) IS RISKY.
So in reality if you are this concerned about your information then you would be better off NOT doing anything "online".
In reality, you have a greater chance of your personal information being exposed on EITHER END of the Internet (i.e. YOURSELF OR YOUR BANK/WEBSITE). Yes, an "intercept" is entirely possible via an "open" wifi connection but the bad guys have found considerably easier methods than to park out at a random airport, McDs, Starbucks.
Social engineering (phishing, spearphishing), malware, viruses, keyloggers, etc. are much more efficient means to get information than to have one person set up and operate one single wifi intercept operation.
Social engineering is one of the easiest ways to completely bypass any of the strongest security settings, firewalls, encryption you can place.
Social engineering in a nutshell amounts to playing on the "human factor" or emotions to get personal information to use for someone else's gain.
Folks can't seem to resist opening odd emails like a UPS/FedEx/USPO one which makes a shipping claim that you need to sign in and enter information. You do and the bad guys get you to enter personal info into a fake website.
Or a bank email claiming that your credit card or bank account will be closed if you do not respond to that email via an included link. Following that link takes you to carefully crafted fake websites where you simply hand over all the keys to your kingdom.
With the Internet, there really is no such thing as "security" no matter how much spin folks like to give to HTTPS or "secure wifi" as long as the HUMAN part cannot be "secured".
If it can be encoded, it WILL be decoded by someone else if they want it bad enough.