Cybersecurity

7563 readers

245 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Is public WiFi actually dangerous? (lemm.ee)

submitted 2 weeks ago by [email protected] to c/cybersecurity

18 comments fedilink hide all child comments

I came across a Reddit thread about someone using a neighbour's WiFi, and the (unknown) neighbour later changed the ssid to the user's gaming handle.

Lots of comments saying that public WiFi can be a trap, and a malicious actor can see all your packets, sniff your passwords, spoof login pages.... And not one refuting it with SSL.

Am I missing something?! Is a WiFi/LAN actually that dangerous? I thought pretty much every site and service uses SSL these days, and signed certificates so (unless you have a particular Lenovo or Dell model) DNS spoofing won't work.

And aren't most ports on your own computer closed by default now? Unless you've opened ssh or a samba share with a poor password or something?

I realise packets can still be sniffed, website use can be tracked (but not the data, not things like passwords). With more work, that could be correlated to, for instance, what time a user logs on to a discord server.

Have I missed something big? Is someone else's WiFi or LAN actually dangerous?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 2 weeks ago (1 children)

HSTS prevents the malicious redirect for most websites. Steam is one of them.

[–] [email protected] 2 points 2 weeks ago (1 children)

Not sure thats true in all cases. If you log into my wifi and I give you steam.com as a redirect and your browser doesnt know it, what then?

[–] [email protected] 2 points 2 weeks ago (1 children)

steam.com is a nice example, as its an old, unused domain. If you were to visit steam.com, an attacker could likely forward it to another domain.

However, with store.steampowered.com, this attack would not succeed if you have visited this website in the last 120 days.

[–] [email protected] 3 points 2 weeks ago

I was expecting that store.steampowered.com (or steampowered.com) would be on the HSTS preload list, but it's not for some reason.