I used VPN server (Hola Better Internet) to change my IP address to US IP address to overcome regional restrictions. I wanted to buy something in USD istead of EUR. So my question is. Could the VPN server log my credit card informations? The connection was secured and I checked certificate. But I don't feel very strong in this area of expertise so I can't tell whether I'm in danger or not. What do you think guys?
Forum Thread: Can VPN Server Eavesdrop Secured Communication?
- Hot
- Active
-
Forum Thread: Gaining Access into the Victim's Whatsapp on Android 12 Replies
4 days ago -
Forum Thread: Whatsapp Hack? 19 Replies
4 days ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
1 wk ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 2 Replies
3 wks ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
3 wks ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
2 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
2 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
2 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
3 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
3 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
3 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
4 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
4 mo ago -
Forum Thread: How to Run and Install Kali Linux on a Chromebook 18 Replies
5 mo ago -
Forum Thread: How to Find Admin Panel Page of a Website? 13 Replies
6 mo ago -
Forum Thread: can i run kali lenux in windows 10 without reboting my computer 4 Replies
6 mo ago -
Forum Thread: How to Hack School Website 11 Replies
6 mo ago -
Forum Thread: Make a Phishing Page for Harvesting Credentials Yourself 8 Replies
6 mo ago
-
How To: Exploit EternalBlue on Windows Server with Metasploit
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To: Use SQL Injection to Run OS Commands & Get a Shell
-
How To: Get Root with Metasploit's Local Exploit Suggester
-
How To: Brute-Force FTP Credentials & Get Server Access
-
How To: Create Custom Wordlists for Password Cracking Using the Mentalist
-
How To: Perform Local Privilege Escalation Using a Linux Kernel Exploit
-
The Hacks of Mr. Robot: How to Send a Spoofed SMS Text Message
-
How To: Dox Anyone
-
How To: Find Vulnerable Webcams Across the Globe Using Shodan
-
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How to Hack Wi-Fi: Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To: Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
Tutorial: DNS Spoofing
-
How To: Bypass File Upload Restrictions on Web Apps to Get a Shell
-
How To: Clear the Logs & Bash History on Hacked Linux Systems to Cover Your Tracks & Remain Undetected
-
How To: Exploit Shellshock on a Web Server Using Metasploit
22 Responses
It smells that its a stolen CC, Whatever.
It smells like this is forum is a hacking forum and of course people are using stolen CC's...
If you're stealing CCs that doesnt mean that ppl on this website use a stolen one's..
The credit card is mine and I wrote here to find out whether am I in danger or not. So sniff and smell whatever you want but you're wrong.
Most of the VPN's will log all the information, But I would go for it.
But what about SSL connection? Can VPN server see information unencryted? So could VPN server log my CC informations despite using site with SSL certificate for payment?
Not sure because I am not that familiar with VPN's, Maybe you should google and see how VPN works and I think common sense can solve the problem.
I said whatever, If you knew what I meant you wouldn't say that..
You are drunk
I would be more worried about the 420,000 websites that had data stolen on Monday.
"Russian gang stole 1.2 billion Net passwords"
I would use a pre paid card that allows you to logon to your acct and make CC numbers on the fly when needed.
They do have this with some companies. Make a number use it on the web and delete it afterwards when the transaction is complete.
The short answer and last post. :
"VPN is a Virtual Private Network: it isolates a group of machines from the rest of the world, so that these machines can talk to each other undisturbed by outsiders. If the isolation is reasonably thorough (it uses encryption, and it uses it properly), then communications between any two machines in the VPN will be protected from eavesdropping and alteration from machines which are not in the VPN.
But the VPN will not do anything against attackers who are already inside the VPN. Your desktop system is in the VPN; so is the server you are talking to. But there may be other machines as well. In fact, it is typical, in enterprise contexts, that all remote employees join the VPN, which will therefore contain many people as well as a bunch of corporate servers, and other systems of questionable security (e.g. printers).
Another point is that the VPN is between machines. In the "mainframe model", a given machine may run process from distinct users, with distinct rights. With SSL, the security is from one specific process on the client machine, to one specific process on the server. Even if the VPN uses authentication, it would be inconvenient for the client to get some accurate information on the identity of the server, and vice versa, because the VPN authentication is not made available to the individual process on the involved machines.
Therefore, in the presence of a VPN, SSL is redundant only if all the following characteristics are met:
the VPN provides confidentiality and integrity as well as SSL would (i.e. with correctly used cryptography);
all machines which may connect to the VPN are trusted;
authentication can be delegated to the VPN layer.
If unsure, use SSL and consider the network as hostile. This is the safe way."
Does it mean I do not need to be worried? Because even by my own knowledge SSL certificate would be invalid or changed in the case of MITM attack. So by checking certificate you can tell whether you are eavesdropped or not, am I right?
VPN has enter and exit nodes that you are not safe at . SSL is encrypted end to end. Both have weakness tho.
Certs are your friend, most of the time.
Weaknesses, right. So how likely is that someone managed to exploit that weaknesses and has seen my CC informations? In percentage.
If someone has/had the CC info you would know cause you will have strange charges showing up.
If you are that paranoid about it. Join Life lock or something along those lines and have the bank issue new cards.
You could make the buy and have the bank cancel the card and issue a new one. Most cases CC are protected by the bank for theft.
I would not yet because I used that VPN server yesterday and I believe most of stolen CC informations are sold on black market not used immediately. I could block my card in internet banking but it's quite pain in the ass to get new one and get it delivered takes some time. So I would do that only if the threat was real. That is why I asked how likely is that.
Let me see if I understand your question. You are using a VPN server to obscure your IP address and you want to use your credit card or have used your credit card while using the VPN? Do I understand you correctly?
If I do, the answer is "yes", the VPN server is capable of decrypting your credit card number, if they so choose. This begs the question, though, why are you using a VPN that you don't trust?
I don't use VPN server. Not normaly. I used it yesterday. Once. I wanted to buy something for US dollars and I needed US IP address. Otherwise the payment would be in euros which would make it more expensive. The easiest for me was to use Hola Unblocker / Hola Better Internet. I don't know whether that server can be trusted or not, but which one can be? It's issue of all free VPN servers. You can only trust to your own server. And in most of cases you can also trust paid services operated by known provider. But because of one time deal there is no point to pay for VPN server. Especialy when you try to save money.
So... am I in real danger? Should I block my credit card?
Personally, I wouldn't worry about it unless had reason to believe my CC was stolen.
For such purposes I usually use anonine.com, these guys don't keep logs and credit card info. You need just to chose payment system (e.g. pay pall) and only this system will receive the number of your credit card (anonine.com will receive money on its account but not your financial info).
Share Your Thoughts