Security pros: If I run a fully patched OS, a fully patched browser, run HTTPS Everywhere set to “Block all unencrypted requests”, and run uBlock Origin, what are my practical risks when connecting to an unknown and possibly malicious wifi access point? (links welcome!)
-
-
Great point. Any links we should read up on?
-
No, not really, that risk is fully explained by my short description above. You're forced to browse to a website under control of the malicious party in Safari. I'm not sure if the seatbelt policy is identical between captive portal vs normal Safari.
-
Okay so that requires education, treat Wi-Fi login screen like a random website, never enter e.g. Facebook password even if it looks like FB? Relying on browser auto-fill helps. There was this attack, but only affected new devices on first wifi connection. https://dailydot.com/debug/macos-security-bug-blackhat/ …
-
Would be good if OS disallowed a captive portal to include a link to a CA certificate. They’re a little too easy to install, need loud and clear warning since they allow HTTPS intercept. To mitigate, browsers should pin certs or warn when they’ve changed? https://twitter.com/binitamshah/status/1043504147444781056?s=21 …
