public internet security
paulatgm at gmail.com
Sun May 6 21:32:30 UTC 2007
nodata said the following on 05/06/2007 03:39 PM:
> Am Sonntag, den 06.05.2007, 14:42 -0400 schrieb Paul S:
>> Is Mossburg just wrong when he says even https connections aren't safe
>> on public internets?
>> the OP
> He never wrote that. You inferred that.
> The problem is that you don't know that:
> i) The router you are using is not malicious
> ii) The DNS server you are using is not malicious
> If you use HTTPS with a centrally issued certificate, both of these
> points are invalid, however once you trust anything from a non HTTPS
> site, you are at risk.
> An example.
> You want to logon to your internet banking app at Chase. You go to
> www.chase.com, an HTTP site, and click the "logon" link.
> For this example's simplicity, the HTTP www.chase.com site has been
> modified by a transparent proxy to change the logon page link from the
> real internet banking app to a malicious internet banking app.
> You are taken to an HTTPS site called
> This site has a valid SSL certificate, and so you received no warnings.
> You enter your login details.
OK I understand now. But, what about the vpn .. would that be a secure
way to use such a network?
More information about the ubuntu-users