Those of you who are using a notebook computer or mobile device such as an iPad, iPhone, Android or Android tablet and connecting to those public free wifi access hotspots may want to just ditch the WiFi after what I heard about today…
In spite of what I said about safe browsing from public wi-fi hotspots using a VPN a while back, it sounds like a “proof of concept” is about to be published which states that the mere action of connecting to a public WiFi hotspot, then establishing the VPN can potentially give away the VPN credentials. This could potentially happen whether it is an open (unsecured) access point, or a rogue (man-in-the-middle) AP.
If this is true, which we should know in a few weeks, then it sounds to me like ditching WiFi all together is not a bad idea if your data is valuable. 3g and 4g connectivity through your wireless provider may well be the best bet.
Obviously, this is not platform specific (Mac would be just as vulnerable as a Windows PC), and it is not a bug in the operating systems or VPN software.
I will be posting more information should it be proven to be a legitimate threat. Until then, stay safe….