Didn't Use the VPN - Ugh

Discussion in 'Community Discussion' started by southerndoc, May 4, 2009.

  1. southerndoc macrumors 65816

    southerndoc

    Joined:
    May 15, 2006
    Location:
    USA
    #1
    I'm staying at the Marriott, and normally I use a VPN. For some reason the configuration file corrupted and I had to delete then reconfigure the VPN. I forgot to check to send all internet traffic through the VPN. The WiFi network at the Marriott has no encryption.

    So there I am, logging into my Schwab, ING Direct, TD Ameritrade, Wachovia, Citibank, Chase, and American Express accounts. Plus I send mail and log into AIM/iChat.

    My question is if I need to change all my passwords after logging into these sites if the sites use SSL when logging in? I think the only one that was configured to not use SSL on log in was iChat.

    I feel like an idiot for doing this!
     
  2. Gelfin macrumors 68020

    Gelfin

    Joined:
    Sep 18, 2001
    Location:
    Denver, CO
    #2
    If the sites to which you connect use SSL, that is as secure as a VPN for your purposes. I have not dived into the details of OSCAR authentication for your AIM account, but the specification does seem to suggest a secure password exchange of some sort.

    The only place I think you might have a worry is your mail accounts. If your mail client is not set up to talk to the mail server over SSL, there is potential for a problem. Most email protocols were not built with packet sniffers in mind.

    If you want to get technical, link-layer security (the VPN) is not the right tool for the problem you're worried about. A VPN puts you on a trusted network, but you're making connections to services outside your trusted remote network. If your connections to those services are not secure in the way that wouldn't require a VPN (e.g., SSL), then they still aren't secure even if you use a VPN. You will have only changed the apparent point of origin of the insecure connection.
     
  3. southerndoc thread starter macrumors 65816

    southerndoc

    Joined:
    May 15, 2006
    Location:
    USA
    #3
    I'm using MobileMe, and I have use SSL checked in preferences.

    iChat wasn't configured to use SSL (changed that today).

    I think Back to my Mac and my iDisk are secure (I hope).

    Just curious if I'm being paranoid or if I should go through and change a bunch of passwords (which I actually just changed about 30 days ago).
     
  4. Gelfin macrumors 68020

    Gelfin

    Joined:
    Sep 18, 2001
    Location:
    Denver, CO
    #4
    That's only your communications, I think. I'm not in a position to guarantee, but I think the authentication is secure regardless. As long as you weren't sharing secret information over iChat, don't worry, and if you were, the VPN problem I mentioned above applies.

    They are.

    As long as your mail accounts are configured to use SSL, I think you're going to be fine.
     
  5. McKnight macrumors member

    McKnight

    Joined:
    Mar 29, 2009
    #5
    SSL @ HTTP (HTTPS) protects your logins and personal information with a standard of 128 or 256-bit AES based encryption --for 99% of banks-- so you're fine there. As mentioned above it's as secure, if not more secure than a VPN.

    iChat/AIM/MSN pass login information via a SSL enabled server, so only your chat messages may have been viewed, your login info is safe.

    No worries, bro! :D
     
  6. southerndoc thread starter macrumors 65816

    southerndoc

    Joined:
    May 15, 2006
    Location:
    USA
    #6
    Great. I feel like an idiot for not having the VPN configured properly, but thankfully I wasn't passing really confidential information back and forth.

    I won't worry about it, but I will use this as a learning experience -- make sure the VPN is configured properly before doing anything confidential.
     

Share This Page