Good Sam Community

garry1p wrote:
No matter how secure YOU are the business you shop at bank with or have any transaction with will be a target of hackers they get millions of individual accounts such as Target, Home Depot or any site that clears your CC information is more at risk than the individual. You have no control

Using an open WIFI is normally a one one attract and yes there are many bad actors praying on open WiFi's you just never know until it is to late. You have some level of control use it or....

V{N is point to point encrypted and better than not having it but nothing is totally secure on the internet.

A VPN is no more "secure" than an open wifi, period.

You are DEPENDING AND TRUSTING on a faceless, unreachable, untouchable THIRD PARTY VPN software to make this "encryption" happen..

Much of these third party VPNs are based outside of the US, ever wonder why?

What if that third party VPN you chose is ACTUALLY one of the BAD GUYS?

What if that third party VPN has one of their servers hacked and compromised?

Your data integrity and security is only as good as all of the moving parts between your computer and your data's final destination..

As someone else has mentioned, VPNs are more about HIDING YOUR IP LOCATION than they are for making your connection more secure..

IF you are wanting to do general Internet browsing, open wifi OR secured wifi should not pose any real threat.

IF you are BANKING or putting other personal info onto the Internet and are over the top privacy concerned then skip wifi and move to WIRED connection.

Alternately, while less secure than a wired connection, bring your own wifi (cell based) would be the better method over depending on a third party VPN on a public wifi..

ljr wrote:
I can’t give you a number of cases I helped untangle but it would be in the hundreds..

Hundreds sounds ominous until you compare that to the number of wifi users in total.

garry1p wrote:
No matter how secure YOU are the business you shop at bank with or have any transaction with will be a target of hackers they get millions of individual accounts such as Target, Home Depot or any site that clears your CC information is more at risk than the individual.

That is a more significant risk because that's where the real gold mine is.

We've had this conversation many times over the years and it ends up being like driving with the propane on. Is it risky? No, but if you THINK it's risky then don't do it.

No matter how secure YOU are the business you shop at bank with or have any transaction with will be a target of hackers they get millions of individual accounts such as Target, Home Depot or any site that clears your CC information is more at risk than the individual. You have no control

Using an open WIFI is normally a one one attract and yes there are many bad actors praying on open WiFi's you just never know until it is to late. You have some level of control use it or....

V{N is point to point encrypted and better than not having it but nothing is totally secure on the internet.

2oldman wrote:

ljr wrote:

2oldman wrote:
So much is possible, but whether it's even in the realm of probability that someone's sitting in Starbucks waiting to steal my information is what I focus on.

.....and that’s why it works.

We all have a different tolerance for risk. It's possible I could be in a plane crash too.

Maybe someone will come on here and tell us their experience getting hacked on public wifi.

I spent 30+ years in government, corporate and higher education IT. I can’t give you a number of cases I helped untangle but it would be in the hundreds. With very few exceptions the victims were in complete agreement with you before it happened to them.

You don’t need to surrender to paranoia but you would be well served by taking the threat seriously.

PS: I was in a plane crash once.

2oldman wrote:

ljr wrote:

2oldman wrote:
So much is possible, but whether it's even in the realm of probability that someone's sitting in Starbucks waiting to steal my information is what I focus on.

.....and that’s why it works.

We all have a different tolerance for risk. It's possible I could be in a plane crash too.

Maybe someone will come on here and tell us their experience getting hacked on public wifi.

That could be a really long wait.

But if you ask someone to come on here and tell about the time their data was stolen from a supposedly secure credit card repository or department store repository, it won't take very long at all.

GordonThree wrote:
a lot of users have become conditioned to accept and ignore certificate errors, including self signed certificates.

Can't do anything about foolishness. All modern browsers throw up huge red flags for cert errors. If someone is going to ignore cert errors, they're going to also ignore any advice on when to avoid WiFi connections. And, of course, MITM attacks can occur even on password connected WiFi connections, so encouraging people to think that "secure" WiFi prevents MITM is no different than encouraging them to ignore cert problems.

ljr wrote:

2oldman wrote:
So much is possible, but whether it's even in the realm of probability that someone's sitting in Starbucks waiting to steal my information is what I focus on.

.....and that’s why it works.

We all have a different tolerance for risk. It's possible I could be in a plane crash too.

Maybe someone will come on here and tell us their experience getting hacked on public wifi.

2oldman wrote:
So much is possible, but whether it's even in the realm of probability that someone's sitting in Starbucks waiting to steal my information is what I focus on.

.....and that’s why it works.

So much is possible, but whether it's even in the realm of probability that someone's sitting in Starbucks waiting to steal my information is what I focus on.

GordonThree wrote:

mike-s wrote:

GordonThree wrote:
Now the hacker can run a MITM attack against those people, injecting a fake certificate in front of a bank or credit card real certificate, and copy all the juicy details.

So, please do tell where one gets a certificate signed by a well-known (i.e. included with OS/browsers) root authority for www.mybank.com, but can't get one for www.myvpn.com.

Exactly the reason to not use open wifi networks, ever.

:R

Over the top reaction.

EVERYTHING you do contains a "risk" and a connection to ANY network (internal only or Internet facing) IS RISKY.

So in reality if you are this concerned about your information then you would be better off NOT doing anything "online".

In reality, you have a greater chance of your personal information being exposed on EITHER END of the Internet (IE YOURSELF OR YOUR BANK/WEBSITE). Yes, an "intercept" is entirely possible via a "open" wifi connection but the bad guys have found considerably easier methods than to park out at a random airport, McDs, Starbucks.

Social engineering (Phishing, Spearphishing), Malware, Virus, keyloggers, ect are much more efficient means to get information than to have one person setup and operate one single wifi intercept operation..

Social engineering is one of the easiest ways to completely bypass any of the strongest security settings, firewalls, encryption you can place.

Social engineering in a nutshell amounts to playing on the "human factor" or emotions to get personal information to use for someone elses gain..

Folks can't seem to resist opening odd emails like a UPS/Fedex,USPO which make a shipping claim that you need to sign in and enter information.. You do and the bad guys get you to enter personal info into a fake website..

Or a Bank email claiming that your credit card or bank account will be closed if you do not respond to that email via an included link.. Following that link takes you to carefully crafted fake websites which you simply hand over all the keys to your kingdom..

With the Internet, there really is no such thing as "security" no matter how much spin folks like to give to HTTPS or "secure wifi" as long as the HUMAN part cannot be "secured".

If it can be encoded, it WILL be decoded by someone else if they want it bad enough.

mike-s wrote:

GordonThree wrote:
Now the hacker can run a MITM attack against those people, injecting a fake certificate in front of a bank or credit card real certificate, and copy all the juicy details.

So, please do tell where one gets a certificate signed by a well-known (i.e. included with OS/browsers) root authority for www.mybank.com, but can't get one for www.myvpn.com.

Exactly the reason to not use open wifi networks, ever.

The certificate doesn't need to be signed by anyone well known, a lot of users have become conditioned to accept and ignore certificate errors, including self signed certificates.

GordonThree wrote:
Now the hacker can run a MITM attack against those people, injecting a fake certificate in front of a bank or credit card real certificate, and copy all the juicy details.

So, please do tell where one gets a certificate signed by a well-known (i.e. included with OS/browsers) root authority for www.mybank.com, but can't get one for www.myvpn.com.

So much misunderstanding here. VPNs are protected with the same sort of encryption/AAA (Authorization, Authentication, Accounting) as are links to (well managed) sites. A VPN basically hide your physical location when browsing, but it really makes no difference in security. The most a VPN provides in that case is that the site doesn't know were you are physically. Adding a VPN to an already encrypted connection adds no security, unless you think nation-states are trying to snoop on you, because if someone can break the encryption of either, they can break the encryption of both.

It's like people putting in a stronger deadbolt, when there's a glass window right next to the door.

Bachelor wrote:
I was wondering if one is on a secure website does using a VPN provide extra protection, or is it just redundant? Thanks.

SSL/TLS (aka: HTTPS) is between a browser and a web server. VPN is between two endpoints. I suppose both is sort of redundant but it depends on where the endpoints are.