downtheroad wrote:
Secure website in one thing....it's "open" or unsecured wifi that is very vulnerable and and not secure.. Doing your banking at, for example, Starbucks or at an airport on their open wifi is dangerous....we always use a VPN when away from our password protected wifi at home.
x2 on this
a secure website (https) offers minimal protection if you're connected to an open unencrypted wifi network, plenty of chances to get hacked, so much so I'd say never connect to an "open" network. it's not worth the risk. very easy to compromise.
for example, Starbucks - maybe the official open network is named Starbucks guest or some such. so your hacker connects to it and runs de-auth attacks on everyone else connected. then they start their own open wifi network, called Starbucks 2 or something. Everyone that got hit with the deauth is disconnected. they might think oh that's weird, I'll try starbucks 2. Now the hacker can run a MITM attack against those people, injecting a fake certificate in front of a bank or credit card real certificate, and copy all the juicy details.
it works because everyone is so conditioned (thanks to sites like Marcus runs here) to hit accept when your browser warns you about a certificate problem.