public internet security

Paul S paulatgm at gmail.com
Sun May 6 21:32:30 UTC 2007


nodata said the following on 05/06/2007 03:39 PM:
> Am Sonntag, den 06.05.2007, 14:42 -0400 schrieb Paul S:
>> Is Mossburg just wrong when he says even https connections aren't safe 
>> on public internets?
>>
>> the OP
>>
> 
> He never wrote that. You inferred that.
> 
> The problem is that you don't know that:
> i) The router you are using is not malicious
> ii) The DNS server you are using is not malicious
> 
> If you use HTTPS with a centrally issued certificate, both of these
> points are invalid, however once you trust anything from a non HTTPS
> site, you are at risk.
> 
> An example.
> 
> You want to logon to your internet banking app at Chase. You go to
> www.chase.com, an HTTP site, and click the "logon" link.
> 
> For this example's simplicity, the HTTP www.chase.com site has been
> modified by a transparent proxy to change the logon page link from the
> real internet banking app to a malicious internet banking app.
> 
> You are taken to an HTTPS site called
>  https://somethingelse.example.com
> This site has a valid SSL certificate, and so you received no warnings.
> 
> You enter your login details.
> 


OK I understand now.  But, what about the vpn .. would that be a secure 
way to use such a network?







More information about the ubuntu-users mailing list