public internet security
Paul S
paulatgm at gmail.com
Sun May 6 21:32:30 UTC 2007
nodata said the following on 05/06/2007 03:39 PM:
> Am Sonntag, den 06.05.2007, 14:42 -0400 schrieb Paul S:
>> Is Mossburg just wrong when he says even https connections aren't safe
>> on public internets?
>>
>> the OP
>>
>
> He never wrote that. You inferred that.
>
> The problem is that you don't know that:
> i) The router you are using is not malicious
> ii) The DNS server you are using is not malicious
>
> If you use HTTPS with a centrally issued certificate, both of these
> points are invalid, however once you trust anything from a non HTTPS
> site, you are at risk.
>
> An example.
>
> You want to logon to your internet banking app at Chase. You go to
> www.chase.com, an HTTP site, and click the "logon" link.
>
> For this example's simplicity, the HTTP www.chase.com site has been
> modified by a transparent proxy to change the logon page link from the
> real internet banking app to a malicious internet banking app.
>
> You are taken to an HTTPS site called
> https://somethingelse.example.com
> This site has a valid SSL certificate, and so you received no warnings.
>
> You enter your login details.
>
OK I understand now. But, what about the vpn .. would that be a secure
way to use such a network?
More information about the ubuntu-users
mailing list