I used VPN server (Hola Better Internet) to change my IP address to US IP address to overcome regional restrictions. I wanted to buy something in USD istead of EUR. So my question is. Could the VPN server log my credit card informations? The connection was secured and I checked certificate. But I don't feel very strong in this area of expertise so I can't tell whether I'm in danger or not. What do you think guys?
Forum Thread: Can VPN Server Eavesdrop Secured Communication?
- Hot
- Active
-
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
1 mo ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
1 mo ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
2 mo ago -
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
3 mo ago -
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
4 mo ago -
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
5 mo ago -
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
5 mo ago -
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
6 mo ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
6 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
7 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
9 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
9 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
9 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
9 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
9 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
9 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
10 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
11 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
11 mo ago
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
Hack Like a Pro:
Networking Basics for the Aspiring Hacker, Part 2 (TCP/IP)
-
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How To:
Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
How To:
Unlock Facial Detection & Recognition on the Inexpensive ESP32-Based Wi-Fi Spy Camera
-
Hacking Pranks:
How to Flip Photos, Change Images & Inject Messages into Friends' Browsers on Your Wi-Fi Network
-
How To:
Fix Bidirectional Copy/Paste Issues for Kali Linux Running in VirtualBox
-
How To:
Get Root with Metasploit's Local Exploit Suggester
-
How To:
Run USB Rubber Ducky Scripts on a Super Inexpensive Digispark Board
-
How To:
Build an Off-Grid Wi-Fi Voice Communication System with Android & Raspberry Pi
-
How To:
Use SQL Injection to Run OS Commands & Get a Shell
-
How To:
Pick an Antenna for Wi-Fi Hacking
-
How To:
Brute-Force FTP Credentials & Get Server Access
-
How To:
Create & Obfuscate a Virus Inside of a Microsoft Word Document
-
How To:
Exploit Java Remote Method Invocation to Get Root
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
22 Responses
It smells that its a stolen CC, Whatever.
It smells like this is forum is a hacking forum and of course people are using stolen CC's...
If you're stealing CCs that doesnt mean that ppl on this website use a stolen one's..
The credit card is mine and I wrote here to find out whether am I in danger or not. So sniff and smell whatever you want but you're wrong.
Most of the VPN's will log all the information, But I would go for it.
But what about SSL connection? Can VPN server see information unencryted? So could VPN server log my CC informations despite using site with SSL certificate for payment?
Not sure because I am not that familiar with VPN's, Maybe you should google and see how VPN works and I think common sense can solve the problem.
I said whatever, If you knew what I meant you wouldn't say that..
You are drunk
I would be more worried about the 420,000 websites that had data stolen on Monday.
"Russian gang stole 1.2 billion Net passwords"
I would use a pre paid card that allows you to logon to your acct and make CC numbers on the fly when needed.
They do have this with some companies. Make a number use it on the web and delete it afterwards when the transaction is complete.
The short answer and last post. :
"VPN is a Virtual Private Network: it isolates a group of machines from the rest of the world, so that these machines can talk to each other undisturbed by outsiders. If the isolation is reasonably thorough (it uses encryption, and it uses it properly), then communications between any two machines in the VPN will be protected from eavesdropping and alteration from machines which are not in the VPN.
But the VPN will not do anything against attackers who are already inside the VPN. Your desktop system is in the VPN; so is the server you are talking to. But there may be other machines as well. In fact, it is typical, in enterprise contexts, that all remote employees join the VPN, which will therefore contain many people as well as a bunch of corporate servers, and other systems of questionable security (e.g. printers).
Another point is that the VPN is between machines. In the "mainframe model", a given machine may run process from distinct users, with distinct rights. With SSL, the security is from one specific process on the client machine, to one specific process on the server. Even if the VPN uses authentication, it would be inconvenient for the client to get some accurate information on the identity of the server, and vice versa, because the VPN authentication is not made available to the individual process on the involved machines.
Therefore, in the presence of a VPN, SSL is redundant only if all the following characteristics are met:
the VPN provides confidentiality and integrity as well as SSL would (i.e. with correctly used cryptography);
all machines which may connect to the VPN are trusted;
authentication can be delegated to the VPN layer.
If unsure, use SSL and consider the network as hostile. This is the safe way."
Does it mean I do not need to be worried? Because even by my own knowledge SSL certificate would be invalid or changed in the case of MITM attack. So by checking certificate you can tell whether you are eavesdropped or not, am I right?
VPN has enter and exit nodes that you are not safe at . SSL is encrypted end to end. Both have weakness tho.
Certs are your friend, most of the time.
Weaknesses, right. So how likely is that someone managed to exploit that weaknesses and has seen my CC informations? In percentage.
If someone has/had the CC info you would know cause you will have strange charges showing up.
If you are that paranoid about it. Join Life lock or something along those lines and have the bank issue new cards.
You could make the buy and have the bank cancel the card and issue a new one. Most cases CC are protected by the bank for theft.
I would not yet because I used that VPN server yesterday and I believe most of stolen CC informations are sold on black market not used immediately. I could block my card in internet banking but it's quite pain in the ass to get new one and get it delivered takes some time. So I would do that only if the threat was real. That is why I asked how likely is that.
Let me see if I understand your question. You are using a VPN server to obscure your IP address and you want to use your credit card or have used your credit card while using the VPN? Do I understand you correctly?
If I do, the answer is "yes", the VPN server is capable of decrypting your credit card number, if they so choose. This begs the question, though, why are you using a VPN that you don't trust?
I don't use VPN server. Not normaly. I used it yesterday. Once. I wanted to buy something for US dollars and I needed US IP address. Otherwise the payment would be in euros which would make it more expensive. The easiest for me was to use Hola Unblocker / Hola Better Internet. I don't know whether that server can be trusted or not, but which one can be? It's issue of all free VPN servers. You can only trust to your own server. And in most of cases you can also trust paid services operated by known provider. But because of one time deal there is no point to pay for VPN server. Especialy when you try to save money.
So... am I in real danger? Should I block my credit card?
Personally, I wouldn't worry about it unless had reason to believe my CC was stolen.
For such purposes I usually use anonine.com, these guys don't keep logs and credit card info. You need just to chose payment system (e.g. pay pall) and only this system will receive the number of your credit card (anonine.com will receive money on its account but not your financial info).
Share Your Thoughts