Saab Dastard,
I feel I should clarify your clarification.
Communicating over an usecured wifi LAN does not mean that SSL traffic (HTTPS) is unencrypted
Yes, that's the theory and reason why SSL was invented. To provide a secure means of data transfer over unsecure networks.
HOWEVER
If your immediate upstream router is, unknowingly to you, providing SSL proxy functionality. Then there is the theoretical possibility of a man in the middle attack because your upstream router could imitate the SSL website.
There are also theorectically DNS based and other ways to at least partially achieve the same goal.
As an example of a form of SSL Proxy that does exist today. Corporate quality firewalls, such as those used by banks, will frequently be configured to intercept SSL requests, decrypt them, do security checks or read packets for load balancing purposes, and then re-encrypt data and pass it on.
Always amazes me in airport lounges with free wi-fi access how many business-bods you see with their laptops merrily checking their emails
It's a theoretically lot harder to do MITM with IPSec VPNs back to the office, specially certificate+two-factor based IPSec, ....because there are fewer avenues than SSL.
However I would still encourage reasonable caution when using untrusted networks, even though arguably you are in a better position than going all the way down the security chain and using untrusted PCs (e.g. internet café), which should always assumed to be full of viruses and spyware and never used for sensitive data.
Anyway....all this is getting too complicated and boring for PPRune.... so I suggest we put this topic to rest !
