On Monday, 21 December 2020 at 09:15:00 UTC [email protected] wrote:
> On 12/21/20 1:08 AM, Ulrich Windl wrote: > > On 12/20/20 4:17 PM, Morten Eyrich wrote: > >> Okay so if I have been using a https connection, then it's no > >> problem... ? > > > > If they use a wrong certificate for a MITM attack they might decode your > > connection... It means nobody between you and the "next endpoint" can > > read your password, but how to ensure what the "next endpoint" really > is? > > Ulrich is right. First, look at the "certificate story". These are meant > ensuring that you can trust your endpoint. ... ... > Conclusion as usual: if your life depends on it, do not trust https. > > Just for clarity, if your HTTPS connection is compromised, it probably will not matter much whether your router is compromised or not. With such in mind, so long as you use an HTTPS connection, you probably don't need to worry much about your router. As [email protected] implied, not all certificates are equal (in respect of risk), and you may personally trust some more than others. With respect to the other risks, perhaps using SSH and VPNs might be more secure? Using MFA, multi-step authentication, and/or regularly changing your password, can help mitigate damage in respect of your security credentials being captured. Kind regards, Mark Fernandes -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57358980-e7c4-4889-a397-9e9f2d3ed0bfn%40googlegroups.com.
