Cybersecurity

7600 readers

42 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Is public WiFi actually dangerous? (lemm.ee)

submitted 2 weeks ago by [email protected] to c/cybersecurity

18 comments fedilink hide all child comments

I came across a Reddit thread about someone using a neighbour's WiFi, and the (unknown) neighbour later changed the ssid to the user's gaming handle.

Lots of comments saying that public WiFi can be a trap, and a malicious actor can see all your packets, sniff your passwords, spoof login pages.... And not one refuting it with SSL.

Am I missing something?! Is a WiFi/LAN actually that dangerous? I thought pretty much every site and service uses SSL these days, and signed certificates so (unless you have a particular Lenovo or Dell model) DNS spoofing won't work.

And aren't most ports on your own computer closed by default now? Unless you've opened ssh or a samba share with a poor password or something?

I realise packets can still be sniffed, website use can be tracked (but not the data, not things like passwords). With more work, that could be correlated to, for instance, what time a user logs on to a discord server.

Have I missed something big? Is someone else's WiFi or LAN actually dangerous?

you are viewing a single comment's thread
view the rest of the comments

[–] taladar 10 points 2 weeks ago (2 children)

Unless websites use the very latest version of SSL at the very least the hostname you connect to (the Server Name Indication field) is visible. As are your DNS queries unless you use DoT or DoH or DNSCrypt or some similar encrypted DNS protocol.

Until very recently most browsers also defaulted to using http for any address you typed into the address bar without a protocol so your first request was HTTP and could redirect you to an entirely different website. DNS spoofing would work just fine with this since the website you actually connect to over https after the redirect is already attacker controlled and has a certificate for hat attacker controlled domain (e.g. with replacement unicode characters that look virtually identical to the original website domain name).

The router can also see your Mac address so they might have a unique identifier to track you across open Wifi networks (if we are talking commercial country-wide installations run by one company).

Many gaming protocols also do not use TLS encryption since they rely on UDP and while there are encryption variants for that gaming is often unreasonably optimized for speed over everything else.

So in summary, in general, yes, the network you are connected to can be dangerous and can learn some information about your network usage.

[–] lurch 3 points 2 weeks ago (1 children)

You can additionally use a VPN ot TOR to mask more, but in theory the VPN hoster or TOR exit node can see connections someone makes to the sites. The TOR exit nodes just don't know it's you and what you're doing in encrypted connections. VPN providers may know it's you, from your payment data.

[–] taladar 3 points 2 weeks ago

Tor exit nodes could also identify you if they cooperate with some of the websites you visit (the way e.g. a government could force them to).

[–] [email protected] 3 points 2 weeks ago

Unless websites use the very latest version of SSL at the very least the hostname you connect to (the Server Name Indication field) is visible.

Has this been finalised? I'd really like to configure my Apache to get rid of SNI.