While all that's true, it's not the design of SSL that is at issue, but rather bugs in the SSL stack, such as this null-prefix certificates issue. While I don't know the state of Microsoft's stack for this bug, ubuntu just released a patch for wget yesterday for it (USN-842-1, CVE-2009-3490). No one is really talking about DNSSEC, but if you were using a wifi connection (the original use case in this thread of using a VPN over wifi) and thought you were secure because you were using SSL, MITM via DNS is still a possible attack vector, as hapless points out elsewhere in these comments. Obviously a VPN over wifi wouldn't secure you for accessing paypal.com via SSL (which is a public resource), but other, private resources secured with only SSL but resolved via public DNS are at risk (wifi or not).