<div>
Your question is a tough one.<br />
<br />
Theoretically, all endpoints must be secured if you want all traffic to be secured.<br />
<br />
As in pc1, you use unsecured wifi network, it is possible to use https injection to capture the traffic while you rdp via logmein to pc2.<br />
<br />
<a href="http://securethoughts.com/2009/06/multiple-vulnerabilities-in-logmein-web-interface-can-be-used-to-control-your-computer-and-steal-arbitary-files/" rel="ugc">http://securethoughts.com/2009/06/multiple-vulnerabilities-in-logmein-web-interface-can-be-used-to-control-your-computer-and-steal-arbitary-files/</a><br />
<br />
Technically, if you access from pc1 to pc2 via public unsecured hotspots, you need to locate whether there is any packet sniffer in the vicinity. A discussion is in the link below.<br />
<br />
<a href="http://www.netstumbler.org/netstumbler/detecting-wifi-users-sniffers-t9747.html" rel="ugc">http://www.netstumbler.org/netstumbler/detecting-wifi-users-sniffers-t9747.html</a><br />

</div>


<div>
<b>PC1 is connected to internet via an unsecured wireless connection</b><br />
when PC1 connected to Internet PC1 has two type of conenctions, <br />
1) PCI--------WAP/Router (Non Secure)<br />
2) Router----ISP (Secure)<br />
--------------------------<wbr />----------<wbr />----------<wbr />--<br />
PC1 remotes into PC2 using logmein. (this is an AES256-SHA 256 bit encryption)<br />
when PC1 remotes PC2 has below type of conenctions.<br />
<br />
Option (if PC1 in LAN and PC2 on LAN/WAN)<br />
1) PC1--------WAP/Router (Non Secure)<br />
2) Router----ISP (Secure)<br />
3)PC1-----------PC2 (Secure) once PC1 will try to login PC2, all information will be proteced and secured so viewing password information in not possible<br />
--------------------------<wbr />----------<wbr />----------<wbr />----------<wbr />----------<wbr />-----<br />
PC2 is then used to take over PC3 via logmein over a secured or cabled network connection. Again this connection is also AES256-SHA 256 bit encryption.<br />
1) PC1--------WAP/Router (Non Secure)<br />
2) Router----ISP (Secure)<br />
3)PC1-----------PC2 (Secure) once PC1 will try to login PC2, all information will be proteced and secured so viewing password information in not possible<br />
4)Communication between All 3 (PC1----PC2------PC3) will be secure.<br />
--------------------------<wbr />----------<wbr />----------<wbr />----------<wbr />----------<wbr />--------<br />
<br />
<br />
&nbsp;<br />
<br />

</div>


<div>
So, if I get this right<br />
PC1 (Unsecured WAN) -&gt; logmein Site (Enctypted) the only data available for snooping would be the login info to logmein's website.<br />
Once I get to PC2 (via logmein encrypted link) everything past that point is secured, either to PC2 or (obviously PC2 -&gt;PC3) as that is over a secured wired lan and encrypted between the two PCs.<br />
<br />
What about the keystrokes I am sending from PC1 (Unsecured wireless) to PC2 - even though that connection is encrypted, isn't something visible coming off the PC1 through the wireless? &nbsp;When they say do not use unsecured wireless to login to a bank (for example) is that because they are warning against the INITIAL use of the username and password, and not anything after you enter a secured site?
</div>


<div>
Sorry for my late reply.<br />
warning of Unsecured Wireless connection is something else, you can also try enabling Wireless MAC filtering in your wireless router but still you will see warning despite the connetion is secure.<br />
<br />
if you are using a non sucure link, then your packet to wap can be open, but if you are using same unsecure connetion for communication to any secure link (web ex, logme in, ipsec) these packets will not be opened, how<br />
<br />
lets say you have VPN device @ your office, now &nbsp;you are in home. you have one vpn software installed in your pc or you have SSL link provided by your ofiice IT, when you try to connect your VVPn or SSL VPN all information will be encrypted regardless of your link (PC---WAP) is secure or not.<br />
&nbsp; &nbsp; &nbsp;
</div>


<div>
Maybe a little backgound for a simple explaination will help:<br />
I was in the hospital (or starbucks, hotel, etc...) - they had wireless connectivity over an non-secured access point. &nbsp;My concern was that if I went to <a href="https://secure.logmein.com" rel="ugc">https://secure.logmein.com</a>&nbsp;the password I used to get into THAT site and the info transmitted AFTER logging in would be readable by someone more wireless savy than myself. &nbsp;I understand that if I log into my.yahoo.com (a non-secured/unencrypted site) that that info IS readable by someone (as it is unprotected packets) but I have come to learn that once I hit a secured site ALL data between me and that site is secured, even over an unsecured connection. &nbsp;Originally I thought to get this security I would need to go layers deep into the secured sites (thus PC2 -&gt; PC3) but PC1-&gt;PC2 would be open for snoopers. &nbsp;SO:<br />
Laptop (over open wireless) -&gt; NON secured site = Visible and open for snooping<br />
Laptop (over open wireless) -&gt; Secured site = Encrypted connection (open for snooping, but transmissions are encrypted so un-readable)<br />
<br />
Is this a correct assesment?
</div>


<div>
so is the username and password sent to the https site to login open for anyone to see?
</div>


<div>
FULLY SECURE.<br />
the time you receive URL with &quot;s&quot; asking for authentication user name &amp;&nbsp;password (regardless of lenght/type/....), means secure Site. &nbsp;
</div>


<div>
If I were you, I will not try to access https site in public hotspot unless that you are 100% sure that they are secured.<br />
<br />
If I were you, I will try to RDP with my saved credential from my win 7 notebook to my home / work computer running Win 7 before I access other https website.<br />
<br />
After all, if the route is not secured, it is not recommended.<br />
<br />
According to DNAspark99, it says:-<br />
<br />
&quot;Https, while definitely throwing an extra layer of security in the mix, is not the be-all end-all preventive measure some would like to believe.<br />
<br />
There are several 'tools' out there that can intercept and alter HTTPS streams. A SSL based MiTM attack usually works by modifying and then signing the server certificate. Because of the cert modification, the user will generally be prompted as to whether or not they'd like to accept a certificate that appears valid, relates to the right site, but is signed by a Certificate Authority they &quot;haven't yet chosen to trust yet&quot;. The smart thing would be to click 'no', but then you can't proceed. A simple click of 'yes' and they get their site.... and guess what most users will do? After all, most folks don't know what a Certificate Authority even is! :p<br />
<br />
Take it one step further, and if you can register your certificate with a trusted CA then the newly signed server certificate will be trusted automatically by most browsers. On the underground I would expect a handful of valid certificates to be circulating for this purpose. Or I suppose you could trick the user into recognizing your own CA through some basic redirection first, on a non-critical site somewhere where their 'guard' may be lower... and then you've literally '0Wn3D' 'em for whatever site they go to.<br />
<br />
So, SSL/HTTPS is not necessarily secure, but then practically nothing is. As with most attack vectors, a lot depends on the users ignorance or impatience. THE USER IS ALWAYS THE WEAKEST LINK AND EASIEST TO EXPLOIT!!&quot;<br />
<br />
Source: <a href="http://www.bcsportbikes.com/forum/archive/index.php/t-94570.html" rel="ugc">http://www.bcsportbikes.com/forum/archive/index.php/t-94570.html</a>
</div>


<div>
1. so you are saying that it is NOT secure when I log into a secured site (if there are no certificate warnings) and then connect to a remote PC via an encrypted link? &nbsp;<br />
<br />
2. If the connection between my PC and the other PC shows a certificate warning I would not proceed and try again. &nbsp;This has happened if I am in a session and lose connectivity (IE the lease expires from the router and I have to revisit the router logon page and then try to resume the previous session which is still open in another window) If I receive this error I close the browser and start from scratch without getting the cert error. &nbsp;(I NEVER proceed to past a cert error warning)<br />
<br />
Without a RDP connection - is it safe to assume that this is &quot;as secure&quot; as I can get with a non secured connection?<br />

</div>


<div>
If it is perfectly secured, why logmein offer LogMeIn Hamachi²?<br />
<br />
<a href="https://secure.logmein.com/products/hamachi2/" rel="ugc">https://secure.logmein.com/products/hamachi2/</a><br />
<br />
User guide is in the link below.<br />
<br />
<a href="https://secure.logmein.com/welcome/documentation/EN/pdf/Hamachi2/LogMeIn_Hamachi2_GettingStarted.pdf" rel="ugc">https://secure.logmein.com/welcome/documentation/EN/pdf/Hamachi2/LogMeIn_Hamachi2_GettingStarted.pdf</a><br />
<br />
As an IT expert, I cannot be pretty sure my notebook is free of malware. Malware can change what and how your OS handles certificate.<br />
<br />
Pay a few more bucks to get LogMeIn Hamachi² and follow the guide below if you insist to use public hotspots.<br />
<br />
<a href="http://www.associatedcontent.com/article/5557188/discover_how_to_browse_the_internet.html" rel="ugc">http://www.associatedcontent.com/article/5557188/discover_how_to_browse_the_internet.html</a>
</div>


<div>
Thank you. &nbsp;I was asking the question due to a situation I sometimes find myself in. &nbsp;Needing to access a client's PC remotely and not having the option of a secured connection. &nbsp;I wanted to know the ramifications of connecting via an unsecured access point to a secured and encrypted site and I beleive the question was answered correctly and to my understanding. &nbsp;I was not requesting a different way of securing a connection which is where some of the answers we leading me as I do not need a VPN to access data on another computer, but my desire is to remotely control a distant PC.
</div>


<div>
<div class="content wysiwyg-content">
Using an UNSECURED wireless connection to take over a remote computer using gotomypc, logmein, VPN or any secured remote software, and then use THAT computer to remote into another computer over a secure or cabled connection, is the second connection secured at all or is it too open?<br />
<br />
Here is an example:<br />
PC1 is connected to internet via an unsecured wireless connection.<br />
PC1 remotes into PC2 using logmein. (this is an AES256-SHA 256 bit encryption)<br />
PC2 is then used to take over PC3 via logmein over a secured or cabled network connection. Again this connection is also AES256-SHA 256 bit encryption.<br />
<br />
Is the data transmitted between PC2 &amp;&nbsp;PC3 (being viewed and controlled by PC1) secure? &nbsp;if passwords are exchanged between PC2 &amp;&nbsp;PC3 are they able to be intercepted and viewed due to the unscured connection between PC1 and PC2?
</div>
</div>


Using an UNSECURED wireless connection to take over a remote computer using gotomypc, logmein, VPN or any secured remote software, and then use THAT computer to remote into another computer over a secure or cabled connection, is the second connection secured at all or is it too open?

Here is an example:
PC1 is connected to internet via an unsecured wireless connection.
PC1 remotes into PC2 using logmein. (this is an AES256-SHA 256 bit encryption)
PC2 is then used to take over PC3 via logmein over a secured or cabled network connection. Again this connection is also AES256-SHA 256 bit encryption.

Is the data transmitted between PC2 & PC3 (being viewed and controlled by PC1) secure?  if passwords are exchanged between PC2 & PC3 are they able to be intercepted and viewed due to the unscured connection between PC1 and PC2?

When does an unsecured wireless connection become secure?

Wireless networking is anything related to the transfer of data between two (or more) devices without the use of a physical connection, ranging from getting advice on a new Bluetooth headset to configuring sophisticated enterprise level networks.

Wireless Networking

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.