The misplaced trust in VPN providers: there's no honour amongst cyber-thieves

I wouldn't say you have to have actually worked with ISPs at a network level to understand how vulnerable your data is in the hands of your ISP, but it certainly helps.Until fairly recently one could set up a network analyser and watch the...

Share

I wouldn't say you have to have actually worked with ISPs at a network level to understand how vulnerable your data is in the hands of your ISP, but it certainly helps.

Until fairly recently one could set up a network analyser and watch the passwords flow in plain text.  

Even today any fool with a computer and direct access to an ISPs internal network can slurp the data flow to sidejack session cookies for I'd say over half the large web service providers operating.  

Once in possession of a session cookie, hackers can do anything from sending out spam email to your contacts to ordering goods on your credit card (depending on how much added security the web service provider offers).

One fact above all still surprises most non-technical people I speak to - the internet is not secure.  Your data is not encrypted by default and 80-90% of what you do online can be easily tracked.

And you're at your most vulnerable at your ISP.  Your ISP is your "first hop", meaning all your traffic goes through their network.

Your data is vulnerable throughout its entire journey, but other networks only catch a portion of your traffic; only your ISP sees the whole picture.


Find your next job with computerworld UK jobs