I recently read that even the encrypted traffic on https web sites is not safe from man-in-the-middle attacks.
Does the use of an Ipsec-based VPN such as JiWire's SpotLock protect against man-in-the-middle servers on public unsecured WiFi networks?
Thanks.
So nobody knows?
Jeez, I thought the WiFi security experts hung out here.
Dave Rudisill hath wroth:
This article?
Supplying sources of rumors is always useful.
Yes. All VPN's have mechanisms to prevent replay and session hijack attacks as well as their own independent authentication mechanisms. However, it is possible to disarm or disable such features, so don't assume that they're functional unless you check the settings.
Those who would give up essential security to purchase a little temporary convenience deserve neither security or convenience. (Apologies to Ben Franklin).
Possibly. More likely that nobody cares. I'm not a security expert so I only have a passing interest in such topics.
Nope. Just the Wi-Fi hackers hang out here. On weekends, I'm more interested in breaking into networks than securing them. During the work week, it's the other way around.
You might also find this interesting reading:
"It was possible to bring the client from a secure EAP/TLS network to an insecure one without any warnings from the operating system."
This is the one I had come across:
Thanks.
Well, that's an article on extending the all too common phishing attack for banking sites, where the counterfeit site maintains a fake SSL server, and is able to somehow (not described in the article) break multiple authentication and key exchange mechanisms. The article is also theoretical, intentionally incomplete, and reads like a sales pitch for the authors security services company. I'm not qualified to judge whether the proposed extensions to phishing are probable.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.