Toxic Proxies - Bypassing HTTPS and VPNs to Pwn Your Online Identity

Do you think you're safe when using a VPN? Alex Chapman and Paul Stone recently showed us at DEFCON 2016 we're not. In this talk they revealed how recent improvements in online security and privacy can be undermined by decades old design flaws in obscure specifications. These design weaknesses can be exploited to intercept HTTPS URLs and proxy VPN tunnelled traffic.

This video provides some of the demos used during the talks and help to show how a rogue access point or local network attacker can use these new techniques to bypass encryption, monitor your search history and take over your online accounts.

You can find the original blog post here