Originally Posted by bpratt
Keep in mind that you need to trust whoever's at the other end of the connection, or you're wasting your time. Frankly, you're probably better off just focusing on using secure services (i.e. SSL/HTTPS instead of plain text logins, SSH instead of telnet, etc).
The problem with HTTPS is that it typically only encrypts login pages, not the content behind them. And what's more, it's very popular these days for banks and e-mail services to use the known-flawed model of security (theater) where the log-in page itself isn't actually HTTPS:
http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx
When Microsoft of all companies is complaining of something having bad security, you know you can't trust it.
I realize that I'll have to trust the endpoint, but that's still infinitely better than having to trust anyone who is within sniffing range of WiFi or who has access to the hotel's network, for example. If I'm abroad and the endpoint is in the US, that cuts out a lot of potential attackers between me and my data.