That’s close to 6 mails a day, every day, for 300 days in a row. Not counting the many other systems that ask me for textual input on a regular basis (Pivotal Tracker, Basecamp, Viber, Slack, iMessage, …).
I gotta work on that.
Q: Why is this
When you see your browser complaining about the sites security certificate (see screenshots below for the common browsers), then do not proceed and visit the site. It means that someone having access to your network is trying to get access to your information, even to your account. This might be somebody on your local network (like in a Starbucks) or it might even be your government (like China is currently doing for well known sites like iCloud and Google).
If you see your browser showing a message like this, it means that the connection is not secure and encrypted as it usually is. It means that whatever you type into your browser (like your accounts password) will be sent to the entity highjacking your connection. This process is called Man In The Middle Attack (MITM). So, unless you absolutely know what you’re doing, ignoring the warning is almost always the wrong choice leading to your secrets being no longer secret. This happens most often in a public wifi like a Starbucks, but it could be your company, your Internet Service Provider, your government or a random hacker using a flaw in any of your otherwise reasonably secure connection.
So what can you do about this? Primarily, you need to make sure you have a secure connection on a network level. Whatever connection you were using before is compromised. There are three easily accessible options out there:
One option is to change your connection completely, so if you’ve been on a public Wifi before, switch to a hotspot provided by your phone. Most likely the entity snooping in on one of your networks, cannot do so for the other. Governments and Intelligence Agencies being the exception here. Only the second option will circumvent their efforts in undermining your security.
The second option is to put a layer of encryption over the current connection. You could use a Virtual Private Network (VPN) for that. A VPN basically encrypts all network transmissions, regardless of whether or not the application that you want to use is already secure. This results in your connection being secured twice in a good case when no hacker is around – whilst in a bad case (hacker sniffing in on you), your connection is still secured by a VPN.
Do not use the often cited third option: Do not use Tor to prevent yourself from a MITM attack. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. Therefore, it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. However, the exist nodes for Tor make normal unencrypted requests – meaning they will not prevent you from a MITM attack. They might for your specific case, so if you wanted to try it against your current problem, it might work. On the other hand these Tor exit nodes might also be malicious users explicitly out there to steal your information. So better go with a trusted VPN.
Note: This is a repost from my article over at http://blog.voicerepublic.com/be-careful-when-seeing-a-browser-warning/