Oprindeligt skrevet af Satoru:

This makes no sense in the modern web

Literally all the web is HTTPS now. Meaning all your communications are already secure point to point

Sidejacking MitM attacks on insecure WiFi networks were only relevant when HTTP was the norm. This is no longer the case

It mostly relies on the host to correctly configure their security architecture - sure, a VPN will only provide protection from your device to the VPN gateway, but it's better than nothing.
https://owasp.org/www-project-top-ten/

still top 2-5 of the top 10 security risks ranked by owasp are
A02:2021-Cryptographic Failures: "failures related to cryptography which often leads to sensitive data exposure or system compromise"

A03:2021-Injection
A04:2021-Insecure Design
A05:2021-Security Misconfiguration

Whenever using an untrusted network, a VPN is strongly advised - you don't have to go out and pay for one.. just set up something to get a secure tunnel to your trusted network.

I also use obfuscation, since it seems many places are moving to DPI firewalls to specifically block VPN traffic.

Oprindeligt skrevet af Satoru:

Unless you’re a reporter in Iran or such where the government is actively trying to jail you, using a VPN is moot

I wondered if any angry VPN users have ever tried that roleplay on this forum yet.

based on the significant daily number of repeated chat room scammer account posting urls to same scam site over and over, my guess is that Valve is not blocking IP ranges or vpn ip of those scammers logging in.

Oprindeligt skrevet af 76561197960287930:

based on the significant daily number of repeated chat room scammer account posting urls to same scam site over and over, my guess is that Valve is not blocking IP ranges or vpn ip of those scammers logging in.

This would be largely counterproductive. In order to scam a scammer needs a “good” account to trade to. The account “scammer” is actually an additional victim in nearly all cases. Scammers done need Steam accounts, they use other peoples accounts

Oprindeligt skrevet af Nebsun:

Oprindeligt skrevet af Satoru:

This makes no sense in the modern web

Literally all the web is HTTPS now. Meaning all your communications are already secure point to point

Sidejacking MitM attacks on insecure WiFi networks were only relevant when HTTP was the norm. This is no longer the case

It mostly relies on the host to correctly configure their security architecture - sure, a VPN will only provide protection from your device to the VPN gateway, but it's better than nothing.
https://owasp.org/www-project-top-ten/

still top 2-5 of the top 10 security risks ranked by owasp are
A02:2021-Cryptographic Failures: "failures related to cryptography which often leads to sensitive data exposure or system compromise"

A03:2021-Injection
A04:2021-Insecure Design
A05:2021-Security Misconfiguration

Whenever using an untrusted network, a VPN is strongly advised - you don't have to go out and pay for one.. just set up something to get a secure tunnel to your trusted network.

I also use obfuscation, since it seems many places are moving to DPI firewalls to specifically block VPN traffic.

And again this sort of thinking is basically telling me “I simply will attack any vpn nodes because if you use that , you have no idea what you’re doing and I can compromise you easier.”

If the target website is vulnerable a vpn does not fix that. The fact you think it does is the problem

Oprindeligt skrevet af Satoru:

Oprindeligt skrevet af Nebsun:

sure, a VPN will only provide protection from your device to the VPN gateway, but it's better than nothing.

If the target website is vulnerable a vpn does not fix that. The fact you think it does is the problem

Mostly correct, but it depends on the vulnerability - getting a secure connection to a known secure private network is the first defence that will prevent anything leaking to whatever public / untrusted network you are connecting through. It won't solve all problems and it won't fix vulnerabilities - but it is about reducing exposure and reducing risk, and as such it will increase the security.