Serious Discussion Vulnerable network vs encrypted protocols

Tiamati

Tiamati

Level 12
Thread author
Verified
Top Poster
Well-known
Nov 8, 2016
574
Hey guys!

I'd like to know how https protocol, DNS over TSL/Https, and point to point encryption (like whatsapp) impact security in vulnerable network (such as public wifi). Is it possible to have access to sensitive information (like password, credit card, browser history...) if you are using those protocols? Man in the middle attacks and others exploits may have access to all kind of information even in that case?
 
Victor M

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
380
If your browser has a security vulnerability, then it doesn't matter what secure protocol you are using. A hacked or evil web site can still attack your browser and you may lose sensitive data. Your sensitive data is just being transferred to the hacked or evil web site using secure protocols. What secure protocols do successfully guard against is someone grabbing network traffic in a public WiFi scenario. The attacker will see garbage.
 
Last edited:
  • Thanks
Reactions: Tiamati
Tiamati

Tiamati

Level 12
Thread author
Verified
Top Poster
Well-known
Nov 8, 2016
574
ty!

So, with most websites and apps using secure protocols at the moment, there is any real reason to use VPN on public wifi? I know there are some apps/websites that may still use http or unsafe protocols, but any site or app using sensitive content are already covered (or should be at least). For example: bank apps, e-commerce, social media, backup apps. So, what is the point of encrypt all you connection, for security purpose, if everything that matters is already protected?
 
Azazel

Azazel

Level 5
Jun 15, 2023
226
In a home wifi or public wifi, your phone is exposed by open ports. An adversary can directly probe your devices for vulnerabilities and pentest you. There is no authorization or authentication for Lan and public networks and devices are explicitly trusted. There are protocols like UPnP that automatically broadcast your device through the network and make automatic connections. Websites that use https, protects your connection to that website but not your device especially if not up-to-date.
Example see Wannacry and how it broabacates through networks using wormlike behavior exploiting vulnerabilities in SMBv1.
 
Victor M

Victor M

Level 8
Verified
Well-known
Oct 3, 2022
380
DNS TLS provides encrypted data like the domain's ip address you are searching for. HTTPS provides encrypted content transfer between web site and you. What is still visible in plain text is ip address you are going to.
 

Similar threads

Azazel
    • Like
Serious Discussion What a hacker can do on the same network (LAN)?
Replies
2
Views
289
General Security Discussions
RoboMan
RoboMan
silversurfer
    • Like
    • Wow
    • +Reputation
Security News 300,000 Systems Vulnerable to New Loop DoS Attack
Replies
0
Views
910
Security News
silversurfer
silversurfer
Victor M
    • Like
    • +Reputation
    • Applause
  • Suggestion
Setup Idea Reduce Attack Surface: Eliminate Unneeded Network Protocols
Replies
13
Views
1,624
PC Setup Ideas
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top