Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Didn't Use the VPN - Ugh

southerndoc

southerndoc

Contributor
Original poster
May 15, 2006
1,889
547
USA
I'm staying at the Marriott, and normally I use a VPN. For some reason the configuration file corrupted and I had to delete then reconfigure the VPN. I forgot to check to send all internet traffic through the VPN. The WiFi network at the Marriott has no encryption.

So there I am, logging into my Schwab, ING Direct, TD Ameritrade, Wachovia, Citibank, Chase, and American Express accounts. Plus I send mail and log into AIM/iChat.

My question is if I need to change all my passwords after logging into these sites if the sites use SSL when logging in? I think the only one that was configured to not use SSL on log in was iChat.

I feel like an idiot for doing this!
 
If the sites to which you connect use SSL, that is as secure as a VPN for your purposes. I have not dived into the details of OSCAR authentication for your AIM account, but the specification does seem to suggest a secure password exchange of some sort.

The only place I think you might have a worry is your mail accounts. If your mail client is not set up to talk to the mail server over SSL, there is potential for a problem. Most email protocols were not built with packet sniffers in mind.

If you want to get technical, link-layer security (the VPN) is not the right tool for the problem you're worried about. A VPN puts you on a trusted network, but you're making connections to services outside your trusted remote network. If your connections to those services are not secure in the way that wouldn't require a VPN (e.g., SSL), then they still aren't secure even if you use a VPN. You will have only changed the apparent point of origin of the insecure connection.
 
I'm using MobileMe, and I have use SSL checked in preferences.

iChat wasn't configured to use SSL (changed that today).

I think Back to my Mac and my iDisk are secure (I hope).

Just curious if I'm being paranoid or if I should go through and change a bunch of passwords (which I actually just changed about 30 days ago).
 
southerndoc said:
iChat wasn't configured to use SSL (changed that today).
Click to expand...

That's only your communications, I think. I'm not in a position to guarantee, but I think the authentication is secure regardless. As long as you weren't sharing secret information over iChat, don't worry, and if you were, the VPN problem I mentioned above applies.

southerndoc said:
I think Back to my Mac and my iDisk are secure (I hope).
Click to expand...

They are.

southerndoc said:
Just curious if I'm being paranoid or if I should go through and change a bunch of passwords (which I actually just changed about 30 days ago).
Click to expand...

As long as your mail accounts are configured to use SSL, I think you're going to be fine.
 
SSL @ HTTP (HTTPS) protects your logins and personal information with a standard of 128 or 256-bit AES based encryption --for 99% of banks-- so you're fine there. As mentioned above it's as secure, if not more secure than a VPN.

iChat/AIM/MSN pass login information via a SSL enabled server, so only your chat messages may have been viewed, your login info is safe.

No worries, bro! :D
 
Great. I feel like an idiot for not having the VPN configured properly, but thankfully I wasn't passing really confidential information back and forth.

I won't worry about it, but I will use this as a learning experience -- make sure the VPN is configured properly before doing anything confidential.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back