I used VPN server (Hola Better Internet) to change my IP address to US IP address to overcome regional restrictions. I wanted to buy something in USD istead of EUR. So my question is. Could the VPN server log my credit card informations? The connection was secured and I checked certificate. But I don't feel very strong in this area of expertise so I can't tell whether I'm in danger or not. What do you think guys?
Forum Thread: Can VPN Server Eavesdrop Secured Communication?
- Hot
- Active
-
Forum Thread: Whatsapp Hack? 16 Replies
4 hrs ago -
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
2 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
2 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
5 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
6 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
7 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
7 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
7 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
10 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
10 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
10 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How To: Hack Android Using Kali (Remotely)
-
How To: Write Your Own Bash Script to Automate Recon
-
How To: Hack Networks & Devices Right from Your Wrist with the Wi-Fi Deauther Watch
-
How To: Find Vulnerable Webcams Across the Globe Using Shodan
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Exploit EternalBlue on Windows Server with Metasploit
-
How To: Set Your Wi-Fi Card's TX Power Higher Than 30 dBm
-
How To: Hunt Down Wi-Fi Devices with a Directional Antenna
-
Tutorial: DNS Spoofing
-
How To: Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
How To: Install Kali Linux as a Portable Live USB for Pen-Testing & Hacking on Any Computer
-
Advanced Nmap: Top 5 Intrusive Nmap Scripts Hackers & Pentesters Should Know
-
How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
Hack Like a Pro: How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
How To: Hijack Chromecasts with CATT to Display Images, Messages, Videos, Sites & More
-
How To: The Hacks Behind Cracking, Part 2: How to Generate Software Keys
-
Hack Like a Pro: How to Conduct Passive OS Fingerprinting with p0f
-
How To: Upgrade a Dumb Shell to a Fully Interactive Shell for More Flexibility
22 Responses
It smells that its a stolen CC, Whatever.
It smells like this is forum is a hacking forum and of course people are using stolen CC's...
If you're stealing CCs that doesnt mean that ppl on this website use a stolen one's..
The credit card is mine and I wrote here to find out whether am I in danger or not. So sniff and smell whatever you want but you're wrong.
Most of the VPN's will log all the information, But I would go for it.
But what about SSL connection? Can VPN server see information unencryted? So could VPN server log my CC informations despite using site with SSL certificate for payment?
Not sure because I am not that familiar with VPN's, Maybe you should google and see how VPN works and I think common sense can solve the problem.
I said whatever, If you knew what I meant you wouldn't say that..
You are drunk
I would be more worried about the 420,000 websites that had data stolen on Monday.
"Russian gang stole 1.2 billion Net passwords"
I would use a pre paid card that allows you to logon to your acct and make CC numbers on the fly when needed.
They do have this with some companies. Make a number use it on the web and delete it afterwards when the transaction is complete.
The short answer and last post. :
"VPN is a Virtual Private Network: it isolates a group of machines from the rest of the world, so that these machines can talk to each other undisturbed by outsiders. If the isolation is reasonably thorough (it uses encryption, and it uses it properly), then communications between any two machines in the VPN will be protected from eavesdropping and alteration from machines which are not in the VPN.
But the VPN will not do anything against attackers who are already inside the VPN. Your desktop system is in the VPN; so is the server you are talking to. But there may be other machines as well. In fact, it is typical, in enterprise contexts, that all remote employees join the VPN, which will therefore contain many people as well as a bunch of corporate servers, and other systems of questionable security (e.g. printers).
Another point is that the VPN is between machines. In the "mainframe model", a given machine may run process from distinct users, with distinct rights. With SSL, the security is from one specific process on the client machine, to one specific process on the server. Even if the VPN uses authentication, it would be inconvenient for the client to get some accurate information on the identity of the server, and vice versa, because the VPN authentication is not made available to the individual process on the involved machines.
Therefore, in the presence of a VPN, SSL is redundant only if all the following characteristics are met:
the VPN provides confidentiality and integrity as well as SSL would (i.e. with correctly used cryptography);
all machines which may connect to the VPN are trusted;
authentication can be delegated to the VPN layer.
If unsure, use SSL and consider the network as hostile. This is the safe way."
Does it mean I do not need to be worried? Because even by my own knowledge SSL certificate would be invalid or changed in the case of MITM attack. So by checking certificate you can tell whether you are eavesdropped or not, am I right?
VPN has enter and exit nodes that you are not safe at . SSL is encrypted end to end. Both have weakness tho.
Certs are your friend, most of the time.
Weaknesses, right. So how likely is that someone managed to exploit that weaknesses and has seen my CC informations? In percentage.
If someone has/had the CC info you would know cause you will have strange charges showing up.
If you are that paranoid about it. Join Life lock or something along those lines and have the bank issue new cards.
You could make the buy and have the bank cancel the card and issue a new one. Most cases CC are protected by the bank for theft.
I would not yet because I used that VPN server yesterday and I believe most of stolen CC informations are sold on black market not used immediately. I could block my card in internet banking but it's quite pain in the ass to get new one and get it delivered takes some time. So I would do that only if the threat was real. That is why I asked how likely is that.
Let me see if I understand your question. You are using a VPN server to obscure your IP address and you want to use your credit card or have used your credit card while using the VPN? Do I understand you correctly?
If I do, the answer is "yes", the VPN server is capable of decrypting your credit card number, if they so choose. This begs the question, though, why are you using a VPN that you don't trust?
I don't use VPN server. Not normaly. I used it yesterday. Once. I wanted to buy something for US dollars and I needed US IP address. Otherwise the payment would be in euros which would make it more expensive. The easiest for me was to use Hola Unblocker / Hola Better Internet. I don't know whether that server can be trusted or not, but which one can be? It's issue of all free VPN servers. You can only trust to your own server. And in most of cases you can also trust paid services operated by known provider. But because of one time deal there is no point to pay for VPN server. Especialy when you try to save money.
So... am I in real danger? Should I block my credit card?
Personally, I wouldn't worry about it unless had reason to believe my CC was stolen.
For such purposes I usually use anonine.com, these guys don't keep logs and credit card info. You need just to chose payment system (e.g. pay pall) and only this system will receive the number of your credit card (anonine.com will receive money on its account but not your financial info).
Share Your Thoughts