Subnostr

New OPSEC post coming...

Don't use public WiFi.

Please Login to reply.

Or if you do make sure you are connected to a trusted VPN. I run my own wireguard VPN so I'm always connected to home on the go.

VPN is always a good idea but it wouldn't protect against an evil portal attack.

I guess yeah if the portal is serving the log in form that makes sense.

Yeah this is an evil twin that serves up a captive portal with a phishing page in it.

People very often fall for these and if any skiddie with a Flipper can do it you know it's crazy easy.

Wen open source? 😉

Already open source. I'll put up a guide on how to do it too.

I would never pick a real Google account to login to a wifi, or more or less anything. And even if I got a WebAuth key to protect my main accounts.

But yeah, some might get tricked.

Six people put in real account details over the space of half an hour. No 2FA either.

We're all tech savvy here but normies get rekt. I'm writing about it in the hope plebs spread the word to their normie friends and family.

Most people just blindly trust captive portals and almost every captive portal uses plain HTTP.

These things are so cool 🤙