• ShittyRedditWasBetter@lemmy.world
    link
    fedilink
    arrow-up
    70
    ·
    1 year ago

    None of the actual matters and this attack is rarely used these days. 99.9% of shit is encrypted “over the line”. Unless you have some tls zero day you ain’t getting shit besides leaked DNS.

    • deerdelighted@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Can’t the hacker though spoof some fake websites and trick you into giving your information? If they control the WiFi they control the DNS don’t they?

      • ShittyRedditWasBetter@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I’m mean sure if they have mapping for every major bank and target they are going for and a good enough fake to back it up.

        But it’s such a low success rate with it being easy to be caught is practically not done.

    • kamenLady.@lemmy.world
      link
      fedilink
      arrow-up
      18
      ·
      1 year ago

      The connection to the website is encrypted, but you are right, it’s not like pre HTTPS badness

      I assume the good ol’ E-Mail Spam Business is still going strong and getting stronger. If more people make business online, the more will fall to the “there’s a problem with your account, please re-enter your credentials” bait.

      I’ve even seen phrases like: your account may have been compromised, please enter now your credentials to fix the problem and add a laver of protection to your privacy.

      In the last few weeks, I got the same “your account is on hold” ( font in google colors ), always from a different sender, multiple times a day … Flagging these as Spam has no effect.

      • newIdentity@sh.itjust.works
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        1 year ago

        It’s basically the same. Nowadays there barely is any app that isn’t using HTTPS

        This has been a problem like 5 years ago though. Like TikTok hasn’t been encrypted for a long time. If you’re worried, use a VPN-Tunnel that you trust.

        Nowadays the only thing that is unencrypted is the site you’re accessing since the DNS protocol isn’t encrypted, but that’s also changing with the adoption of DNS over HTTPS

    • darcy@sh.itjust.works
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      nonono that one is a honeypot!!! unlike my superior vpn company (it pinky swore it doesnt keep logs)

  • hackris@lemmy.ml
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    Everything is encrypted nowadays, with HTTP or similar. They only get DNS requests (if you use DNS over HTTPS or over TLS, not even that). Unless you have a zero day in your encryption scheme or network stack, you’re fine.

  • Rootiest@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    I use Tailscale (or the fully-self-hosted Headscale) to ensure all my data is routed through my home whether my phone/laptop is on cell data, public wifi, or otherwise.

    One can also simply use it to ensure communication between specific devices is always secure and available but I also find it quite useful as a way to secure all my data when away from home.

    It’s free for 5 users/100 devices per account with virtually all of the features available to the free plan.

    There is also a paid option which should really only be interesting to businesses/etc which have many users to connect. Alternatively self-host g Headspace has no restrictions at all.

  • catsup
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Nice PSA. I’ll probably use this, it’s very easy to understand

  • lnee@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    The only reason why open wi-fi is insecure is because of captive Wi-Fi portals and I’m not saying that the Wi-Fi itself or the internet access is insecure it’s just that captive Wi-Fi portals are inherently insecure because they block secure http and also with the website you’re going on to don’t have https so you can easily figure out the password that they want you to enter in or be able to steal somebody else’s session so you don’t have to pay or you can just get into a Xfinity router or something