Can someone explain how tls protect me from dns attacks?

😂

@@crescence5521 To protect yourself from dns attacks you have TLS Certificate Authorities

are you implying tls an save you?

@USERNAME_CHECKS_OUTBut you won't have HTTPS, or the fake certificate is going to be flagged - both of which you should know is a no-no to type your info in

wouldn't a Rogue AP work to decrypot the traffic?

​@@eib2445they can capture the actual packets and try to decrypt later but that's extremely unrealistic. Additionally, you can eliminate a lot of these issues with a simple VPN, but you must trust your VPN provider or set it up yourself as a VPN provider can also capture all of the packets as well. The thing is these kind of attacks we're extremely prevalent like 15 years ago, nowadays most browsers makes you go through a lot of steps if you're not visiting encrypted websites. This just isn't that realistic anymore for public Wi-Fi. There's some Advanced Techniques that can be used to capture a lot more data but people using those kind techniques will use much more sophisticated attacks that aren't even related to public Wi-Fi hijacking. I would be much more worried about people using RFID readers on wallets and purses then people attempting to use man-in-the-middle attacks on public Wi-Fi. RFID attacks and skimmers actually happened in the real world, these kind of attacks typically don't.

you are confused. ssl, tls, and hsts are all super easy to break and manipulate. so easy script kiddies earn how to do it on youtube lol

yes. super easy@@eib2445

@@beepboop-o5s they used to not be easy break, then again I haven't been in this field in a long time

'Some site' lmao

@@ImARealHumanPerson Yeah unfortunately I forgot which site I hope someone can remind me in the comments

​​@@Bananaa69t's Tryhackme, He is No.1 ranked there. But it's not site to measure Top hackers,because it's a learning platform for beginners 😅

@@ImARealHumanPersonwill THM is an easy site to rank high u can get top 0.1% if you do new to hacking and let’s say have it everyday training for 6-8 months But it’s courses and solving vul boxes that’s it Not the easiest thing out their but many top hackers don’t even use it Especially people who started back then it was frustration to work with basic stuff

"Some site" tell me you don't know what you're talking about without telling me you don't know anything about what you're talking about

lol do you have a point? ssl, hsts all of it, super easy to break. so easy, script kiddies can go learn how to do it n youtube lol

​@@beepboop-o5sif script kiddies can do it billions would have been lost each year.

Yes and you have to have a handshake to set that up. MITM for the win.

​@@beepboop-o5sbs

Irrelevant. Because if you are on the same WiFi network as your attacker, everyone gets the same encryption/decryption keys..including your attacker.

@@davidblunt5149 HSTS. And HSTS-Preload.

Bhaji kida haal chal

I assume this video meant phishing attacks, not just randomly stealing credentials from a device unless it has vulnerabilities to do so.

the guy talked about dns poisoning. the website where you login your credientials is his website. ssl or not he owns the backend

1. youre wrong. 2. faking certs is easy as fuck

TRUE

Thank you for making all those hand shakes over the compromised network. Of course when you connect to the VPN IP, its definitely the VPN hosting it... Complicated? Yep. Likely. Much less. Still not perfectly safe.

@@markp8295 yeah, so... It is my VPN because of my DNS over HTTPS/TLS. Otherwise, the connection fails. It's a direct mitigation against this.

​@@StiekemeHenk You are right for the most part, although in some cases you could still be compromised by TLS decryption and deep packet inspection. As a rule of thumb, compromised network is... compromised. You can mitigate against MIM, but won't be totally safe. Security is a cat and mouse game. All those hacking KZbin videos are oversimplified and usually showcase just the easiest, dumbest scenario. In reality, it's rarely that simple.

@@luk1505 I generally try to avoid public Wi-Fi networks as much as I can, always use my cellular data service whereever possible. That's not however always possible. One possible scenario is running out of data plan, which can happen in my case. Won't happen for unlimited data plans. Another, much likely scenario is coming to a place where there is very sparse cellphone service, and where it wouldn't be possible to connect to the internet using cellular data service. I came across one such place, there was no cellphone service, I wouldn't even be able to call an ambulance from my cellphone if something was to happen, anyone else in vicinity would face the same issue. Landline is a savior in that place for this purpose. I would even argue that this would be one of the few places where payphones would still make sense nowadays. But there is a restaurant for tourists, which has a public Wi-Fi for guests. And there's even a way to pay with your phone, but you have to be connected to that public Wi-Fi if you want so, which is a bit concerning. So why not cellular data? Well, there ain't any. Wi-Fi is the only way you can browse. You don't have to pay with your phone tho. As long as you have cash or a credit card with you to pay, you can always call the service to pay. Luckily.

@@luk1505now how would u decrypt the TLs I’m waiting ???

i see you know your thing

System of a Download

😮

His target demographic are imaginary people from 2001

you act like a 12 year old cant learn to ssl strip on youtube in 15 minutes.

@@IgorPodgorny-o5l Oh yeah, I didn't even think about doing that. And the attacker could easily get a free SSL cert so their bogus page has a valid secure 🔒 or ✅ on it regardless.

​@@IgorPodgorny-o5lthat used to work back in the day, but the majority of browsers nowadays put huge warnings on unsecured websites. And even more of a headache if the certifications don't match. These kind of attacks just don't happen much anymore, and realistically are even worth worrying about. Just use a trusted VPN provider, or set one up yourself. If it doesn't connect on a Wi-Fi network get the hell off that Wi-Fi network

serving up a fake ssl is simpler than making microwave food

Always has been, some people literally open padlocks by smashing them

No system is safe

​@@annoyinggastalots of padlock opens that way 😂

​@@ankokunokayoubiChina will grow larger

But not because of this. HSTS is enough to protect you in this case.

NetworkChuck and David Bombal have great channels. I believe they also have a video on the certifications you should get to get hired and what you should learn for them.

this is not something you learn but you learn about. cybersecurity is something very, very big. you yeah you can start with eJPT certification

wrong

@@beepboop-o5s please elaborate instead of just saying "wrong". your comment helps no one

@@beepboop-o5ssplain yuself

Yupe but if there’s away to strip the cert you are using with deep packet inspection then u are screwed avoid public networks is the best tjing

​@@ko-DaeguThank you for the answer. I don't use public. I was just curious.

HSTS stops this

​@Harisfd1😂

VPN isn't a protocol and doesn't necessarily implement encryption.

@@Geikith So, if a VPN service doesn't use a encryption protocol then that must mean it does not use encryption therefore there is no secure tunnel between two points. So, you need to explain what your version of a VPN is because in 12 years of IT knowledge, degrees, and experience, I have never seen or heard of a VPN product you are describing. Is this your own proprietary VPN service you engineered? If so, where the GIT repo? Please back up your argument. Note: it's been 13 hours and you haven't answered my comments. See people like you talk out of your arse, are uneducated, are hood, ya really need to get an education period instead of wasting my our time on here.

​@@elir.torres8642nord vpn would tunnel right on through protecting valuable data. GL cracking strong passwords

vpn does nothing to stop someone who wants your dta

in fairness, ryan has so much social anxiety he can barely talk in this interview.

proper connections are already secured with TLS

youre so boring. another wannabe that gets his jollies by pretending to know something. tls is so easily manipulated there are tutorials a twelve year old can follow on youtube. same goes for ssl, and hsts. stop being a hater to fuel your self esteem, and put your time into learning@@z08840

Dns spoofing not.

rogan?? lmfao

Fun fact, your phone is probably dirtier than a public toilet stall.

in fairness, ryan is insanely bad at communication and is so socilly awakward he can barely have this convo.

Damn I am about to start learning to use a secure dns before he reroutes my connection but what he got wrong is that you need to enter those passwords of course if he has deep malware or knows vulnerabilities within the browser he could try to retrieve it from within your browsers cached data which is not encrypted that’s risk

The dude is an absolute fraud lmfao. We don't use toys, we use out mf laptops.

they can still steal your data. sometimes that can be worth even more that *your* money. just one example is that the hacker wants to access the computers of the company you work for, getting their hands the company’s money or data by using *your* credentials

Just because you are poor doesn't mean someone wouldn't wanna hurt you or those you love. Think of it like this. Though you are poor and have nothing maybe worth stealing, that you're aware of. It's like choosing to leave your doors unlocked because you don't own anything seemingly desirable. While ignoring the fact that someone with iller intent may wanna victimize you and anyone who lives with you. Being mindful of your privacy and security also helps keep those you love and those you work for safe as well. If your device gets infected, it can be used to attack and/or infect friends, family, strangers, and companies. If you don't consider your information valuable or important. At least consider how your loved ones information could be valuable to a thief, stalker, bully or worse. Even if you don't get infected, if enough data is leaked it can potentially be used in a social engineering attack against loved ones or the company you work for