bwanshoom wrote:
dshinnick, look up a man-in-the-middle attack. If someone controls your connection to the internet (e.g. they own the router) they can make you think you're talking to your bank, but you're not. It's not hard to fake a website that looks like BOA, for example. Phishing attackers do this all the time. And most people wouldn't know a good certificate from a bad one. There have been numerous cases of certificate authorities (someone your browser trusts implicitly by default even though you've never heard of 99% of them. Do you trust the Chinese government? Your browser did...until last month) being hacked and issuing bogus but perfectly valid certificates.
There are malicious hotspots that do this kind of thing. Someone on this forum mentioned they owned a WiFi Pineapple which does everything I just mentioned.
As has been noted numerous times in this thread, the likelihood of this occurring is quite small but it's non-zero. Depending on how paranoid or cautious you are you might care or you might not.
Well described. I think you stated it far more clearly than my feeble attempts.
