Dave Rudisill <(E-Mail Removed)> hath wroth:
>>Dave Rudisill <(E-Mail Removed)> wrote:
>
>>I recently read that even the encrypted traffic on https web sites is
>>not safe from man-in-the-middle attacks.
This article?
<http://www.sans.org/reading_room/whitepapers/threats/480.php>
Supplying sources of rumors is always useful.
>>Does the use of an Ipsec-based VPN such as JiWire's SpotLock protect
>>against man-in-the-middle servers on public unsecured WiFi networks?
Yes. All VPN's have mechanisms to prevent replay and session hijack
attacks as well as their own independent authentication mechanisms.
However, it is possible to disarm or disable such features, so don't
assume that they're functional unless you check the settings.
Those who would give up essential security to purchase a little
temporary convenience deserve neither security or convenience.
(Apologies to Ben Franklin).
>So nobody knows?
Possibly. More likely that nobody cares. I'm not a security expert
so I only have a passing interest in such topics.
>Jeez, I thought the WiFi security experts hung out here.
Nope. Just the Wi-Fi hackers hang out here. On weekends, I'm more
interested in breaking into networks than securing them. During the
work week, it's the other way around.
You might also find this interesting reading:
<http://www.remote-exploit.org/codes_hotspotter.html>
"It was possible to bring the client from a secure EAP/TLS network to
an insecure one without any warnings from the operating system."
--
Jeff Liebermann
(E-Mail Removed)
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Similar Threads
Linear Mode
