Is public wifi as dangerous as it made out to be?

OVERKILL · Mar 2, 2022

brianl703 said:
Then you have to wonder how they got valid certificates...

I wonder if Google or Chrome would detect that the certificate has changed since the last time you visited the site and warn you.

Right?! It was a very interesting situation.

I think all the browsers have greatly improved on this front in the last 2 years and I suspect that same fraud wouldn't be able to be committed today in the same manner, but two years ago isn't a long time, so it's wild to think that this could have been executed so recently.

brianl703 · Mar 2, 2022

OVERKILL said:
Right?! It was a very interesting situation.

I think all the browsers have greatly improved on this front in the last 2 years and I suspect that same fraud wouldn't be able to be committed today in the same manner, but two years ago isn't a long time, so it's wild to think that this could have been executed so recently.

Brings up another question...did they somehow compromise a certificate authority or did a rogue employee at a CA help them?

OVERKILL · Mar 2, 2022

brianl703 said:
Brings up another question...did they somehow compromise a certificate authority or did a rogue employee at a CA help them?

Would love to know, would make a great case study.

javacontour · Mar 3, 2022

Jethro_Bob said:
Except all these times

https://thehackernews.com/search/label/SSL vulnerability

Seriously, whoever controls the router controls your data.

So what prevents someone from hacking the VPN in a similar fashion? It's not like VPN is invulnerable to vulnerabilities? The same challenges SSL faces are faced by a VPN connection.

Also, what prevents someone from examining traffic when it leaves the VPN? All a VPN does is provide encrypted ingress and egress points through another network. At some point, the traffic is "in the wild" again, depending on other encryption to keep it secure.

It's not like your bank has a server inside the VPN.

uc50ic4more · Mar 3, 2022

OVERKILL said:
Right?! It was a very interesting situation.

I think all the browsers have greatly improved on this front in the last 2 years and I suspect that same fraud wouldn't be able to be committed today in the same manner, but two years ago isn't a long time, so it's wild to think that this could have been executed so recently.

My best guess is traffic (in days past; these days browser would flip out) might have been routed to non-encrypted spoof sites. These days I'd have to surmise that the malicious parties are somehow able to get a hold of the originating site's certificate; a process that probably has to do more with "social engineering" than "technological prowess" more often than not.

I love showing people this video showing how most "hacking" is done (Slightly NSFW language: one "s" word near the end):

... And I hear enough horror stories about how lax security practices are in large organizations to not be surprised that Some Big Corp That You Through Would Have Their Act Together had their certificates compromised because Tom in HR clicked on an email attachment.

Silver · Mar 9, 2022

I don't think so, but subscribe to the BreachExchange mailing list for a wake up call.

willbur · Apr 2, 2022

alarmguy said:
Oh, last thing I care about is credit card information. Not even a concern, in some. years I have had some big fraud on some. No big deal and people should care less about credit card fraud. Your not responsible even though the media doesnt tell you that past the sensational headlines.
Fraud on your card, tell the credit card company, actually if you access your account online, you just click on the charge, say its not yours and your done. Charge removed.

Its why in the forum many times I tell people dont use debit cards and use credit cards. Debit cards are linked to your personal bank accounts, credit cards are not. Depending on your bank you MAY have to prove a debit purchase is not yours, with a credit card they would have to prove the charge IS yours. Big difference.

WIth that said, no one wants a hacker to be combing your laptop computer for personal information, banking, work place and investing information. Credit card information that a hacker might get is irrelevant to me and chances are that information was stolen from an employee at a restaurant you were eating dinner at, not your computer.

Good advice. I bought a cheap computer dedicated strictly to banking and paying bills, financial stuff. Nothing else. No browsing, no email, etc.

zzyzzx · Apr 7, 2022

I don't do anything financial on the phone.

Also, doesn't everyone have unlimited data on their phones now? Why would I even want to use public WIFI?

kschachn · Apr 7, 2022

zzyzzx said:
Also, doesn't everyone have unlimited data on their phones now? Why would I even want to use public WIFI?

The only time I do is when I'm lost in the depths of some large building where the cellular signal is weak and there happens to be wifi. Otherwise I agree, I leave it off.

Is public wifi as dangerous as it made out to be?

OVERKILL

$100 Site Donor 2021

brianl703

OVERKILL

$100 Site Donor 2021

javacontour

uc50ic4more

Silver

willbur

zzyzzx

kschachn

Similar threads