Associate
- Joined
- 10 Jul 2006
- Posts
- 2,423
Given most things are HTTPs now - is it still a risk using an open WIFI network? (with the assumption that SSL is secure)
Given that using a VPN is so easy why would you risk it?
Never heard of a "man in the middle" attack then?
Some information if you haven't: https://en.m.wikipedia.org/wiki/Man-in-the-middle_attack
But that quite literally is what a "man-in-the-middle" attack is. Any decent proxy pretty much can terminate the client ssl and establish its own server ssl session and read traffic between the two in plain text and you wouldn't know.OP was implying that this wouldn’t be as much of an issue with the higher use of HTTPS though
But that quite literally is what a "man-in-the-middle" attack is. Any decent proxy pretty much can terminate the client ssl and establish its own server ssl session and read traffic between the two in plain text and you wouldn't know.
Yea, a lot of people (especially if asking a question like this) would just click "accept' when asked to install a security cert when joining the network. I mean, it's a SECURITY cert after allWouldn't be too hard to trick a cert onto a client device (either user error or I think html5 can script it).
Yea, a lot of people (especially if asking a question like this) would just click "accept' when asked to install a security cert when joining the network. I mean, it's a SECURITY cert after all
I never mentioned HTML5 but we use GPO at work and to join our public WiFI it prompts you to install an SSL cert. That SSL cert is issued by our proxy for the sole purpose of SSL termination. This allows the proxy to inspect SSL traffic and is transparent.That's a pretty large assumption. I am familiar with what a security certificate is. I didn't realize it was possible for joe bloggs to pretend to be Google though using some simple HTML5 - that doesn't sound right?
Are you all not assuming your VPN is secure?
I never mentioned HTML5 but we use GPO at work and to join our public WiFI it prompts you to install an SSL cert. That SSL cert is issued by our proxy for the sole purpose of SSL termination. This allows the proxy to inspect SSL traffic and is transparent.
I did say 'a lot of people' and if this does not apply to you then you don't fit that demographic so no need to feel offended.