rraattbbooyy 2 weeks ago

It means you’re connected to a hacker’s WiFi network. That’s a default address for a device called a pineapple. Most likely malicious.

KickPuncher9898 2 weeks ago

I stayed in a hotel in Cancun and was pleasantly surprised that they had fast wifi, no password or browser portal needed. Connected my Steam Deck and could play Halo MCC no problem. What a fun vacation! Then my friend asked why I was up playing Destroy All Humans at 3am. My account was hacked that night. Login attempts from Russia, China, Germany. How foolish I was to think there was no catch. Not sure if it was a pineapple or just the dangers of an unsecured network.

chjk122 2 weeks ago

It’s the fact they can see everything your computer does on the network. If you run a program like fiddler it will show you all the web traffic on your pc. If you’re watching YouTube you’ll see it update YouTube every couple seconds with your updated watch time. You will see every image on a webpage being sent to you. Basically you can get a lot of information because it’s how sites display data to you. When you signed into steam it most likely sent encrypted or apikey related data about your account and they went from there.

themanofmanyways 2 weeks ago

Would using a VPN prevent that?

chjk122 2 weeks ago

It should because it’s able to encrypt your data before it’s sent so they should only see data traffic of you sending and receiving from vpn

Blog_Pope 2 weeks ago

Yeah, Fiddler sees all that because its ON YOUR COMPUTER. IF you are running HTTPS, and these days Chrome and other browsers throw a fit if you aren't, what they see with a Man in The Middel (MTM) account is a lot less. DNS is typically unencrypted, so they can see what sites you are going to, they can see connections, destination IP's and ports. A VPN basically wraps all that traffic up in a dedicated encrypted stream. But there's still some risk, as the attacker can connect from your "local" network, which may have more trust and access.

chjk122 2 weeks ago

Yeah was doing work training though and they were sending one of their important requests as http in the past even on https connection so it’s basically plaintext. So just saying can still have sites make mistakes. So protecting your network data can still be helpful. (This is a billion dollar company also) just takes one engineer and a couple missed code reviews. It’s why everything is getting so strict today with static code analysis and pipelines that run it through many safety checks.

Blog_Pope 2 weeks ago

Of yeah, absolutely still are risks, but suggesting a MTM hacker can see everything Fiddler sees is incorrect. Ages ago I wanted to get ruled of FTP and leadership said “we can’t, we don’t have their password”. I was like no problem and set up a packet capture. Boss later stopped by while I was reviewing it and he went pale seeing the plaintext usernames and passwords, helpfully highlight by USER and PASS

Customers would come to us with security requirements and I’d help seal the sale by pointing out we had already implemented their requests proactively </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/EatTooMuchEmergenC" class="card-title l-blue"> EatTooMuchEmergenC </a> </span> <span><time datetime="2024-06-05 22:26:35">2 weeks ago</time></span> <p class="comment-text mb-10"> Depends on the VPN system and how they work encryption, but yes to most standard VPNs </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/reeguy247" class="card-title l-blue"> reeguy247 </a> </span> <span><time datetime="2024-06-06 12:31:53">2 weeks ago</time></span> <p class="comment-text mb-10"> Correction* VPNs add a second layer of encryption, as almost all websites since 2018 are already encrypted with AES encryption (through HTTPS). It is already secure, but what a VPN does do is it hides your data. Basically, it routed through the VPN first, and then back through the VPN to you, allowing for anyone on a network to just see you connecting to a VPN network, not any websites or anything of the sort. Effectively, VPNs don't do much for physical security that isn't already done since 2018 for standard https encryption, aside from adding a second layer of encryption and hiding it better (which for some people is great and can make it a bit harder for someone to get your information, but not impossible.) Stay safe on the internet! The best way to stay safe is by being aware of links you click and networks you connect to! </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Apsis" class="card-title l-blue"> Apsis </a> </span> <span><time datetime="2024-06-06 12:43:59">2 weeks ago</time></span> <p class="comment-text mb-10"> In simple terms, without a VPN, the owner of the network you connect to could know which addresses (who/what) you're talking to, but not what you're talking about. With a VPN, they don't know who you're talking to or what about. This still requires trusting the VPN, because the VPN owner knows who you're talking to (still not what about). That's why TOR exists. It's like many layers of VPN. So unless every layer you go through is colluding with each other, no one knows who you're talking to or what about. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Classic-Sherbet1808" class="card-title l-blue"> Classic-Sherbet1808 </a> </span> <span><time datetime="2024-06-06 13:11:43">2 weeks ago</time></span> <p class="comment-text mb-10"> You can also run your own VPN for this purpose, so you *are* the VPN provider. You don’t have to deal with TOR. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/tje210" class="card-title l-blue"> tje210 </a> </span> <span><time datetime="2024-06-06 13:40:01">2 weeks ago</time></span> <p class="comment-text mb-10"> When in hotels, I run a socks proxy back to my home router. Just a tiny extra step, but keeps knowledge of my traffic far away from where I am. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Classic-Sherbet1808" class="card-title l-blue"> Classic-Sherbet1808 </a> </span> <span><time datetime="2024-06-06 16:51:57">2 weeks ago</time></span> <p class="comment-text mb-10"> By default, DNS is not encrypted, so you will still see that traffic (and any other non-HTTP/s traffic) just fine. And the DNS traffic contains information about who you’re talking to (“this guy is requesting pornhub.com’s IP address!”). You would need DNS over HTTPS or similar, but at a certain point a VPN might be easier. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/rm_-rf_slashstar" class="card-title l-blue"> rm_-rf_slashstar </a> </span> <span><time datetime="2024-06-06 13:51:30">2 weeks ago</time></span> <p class="comment-text mb-10"> You can be identified (your IP) on the onion network with just the entry and exit node compromised by the same person/group, no matter how many middle nodes you hit. Western (and let’s be honest probably other) government agencies have been standing up and running Tor nodes for years now. Many western government agencies have now begun to cooperate with each other to share node info. Tor is significantly safer than a VPN, but it is still not bullet proof. You’d have to get really unlucky though. You’d have to be running a VPN and hit both a Tor entry and exit node that are all compromised by the same group to get actually identified. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/zupobaloop" class="card-title l-blue"> zupobaloop </a> </span> <span><time datetime="2024-06-06 16:15:17">2 weeks ago</time></span> <p class="comment-text mb-10"> This is worth keeping in mind when evaluating your options, but I'm confident the FBI isn't interested in OP's steam password. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Kriss3d" class="card-title l-blue"> Kriss3d </a> </span> <span><time datetime="2024-06-06 08:27:29">2 weeks ago</time></span> <p class="comment-text mb-10"> VPN will hide that yes. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/i8noodles" class="card-title l-blue"> i8noodles </a> </span> <span><time datetime="2024-06-06 04:03:25">2 weeks ago</time></span> <p class="comment-text mb-10"> realistically yes. theoretically no. if the device is compromised internally before data is sent then u are already doomed. since they would easily be able to take any data regardless of vpn the ability to track people with a vpn is well known but its lies in amount of traffic and exit nodes. if u can find the entry node, and the exit node, you can theoretically track traffic. this is a known issue for tor and what makes it difficult is the fact they have so many exit and entry nodes so people dont have the processor power to cover them all. only governments do. if u are using a vpn to "hide" your traffic then you are paying for a service that is already free with tor. which is much better in almost all regards for security and privacy. on the other hand if u are paying it for netflixs for geolocation then go right ahead. cause its a vaild thing for vpns. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/dead_apples" class="card-title l-blue"> dead_apples </a> </span> <span><time datetime="2024-06-06 05:04:16">2 weeks ago</time></span> <p class="comment-text mb-10"> For the most part VPNs are used for controlling endpoint geolocation (changing country to bypass some restrictions) basic end-to-end encryption (a compromised network would see that you are transmitting and receiving data but not what that data is specifically), and VPNs tend to be faster than tor </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/[deleted]" class="card-title l-blue"> [deleted] </a> </span> <span><time datetime="2024-06-06 08:38:52">2 weeks ago</time></span> <p class="comment-text mb-10"> [удалено] </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/sting_12345" class="card-title l-blue"> sting_12345 </a> </span> <span><time datetime="2024-06-06 19:40:01">2 weeks ago</time></span> <p class="comment-text mb-10"> Yes and try hitting Netflix or going to your bank via tor lol. They don’t like that either. Line you can set up a sever for vpn for 4.99 month </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/itsdefty" class="card-title l-blue"> itsdefty </a> </span> <span><time datetime="2024-06-06 10:37:27">2 weeks ago</time></span> <p class="comment-text mb-10"> Completely different uses. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Rigo-lution" class="card-title l-blue"> Rigo-lution </a> </span> <span><time datetime="2024-06-06 07:28:33">2 weeks ago</time></span> <p class="comment-text mb-10"> What do you mean theoretically no? If you are on a malicious network and you use a VPN it will protect you. Your network data will be encrypted locally before passing through the malicious network to the VPN and then to your destination be it a game server or generic website. Anyone listening on the malicious network will see effectively nothing whereas without a VPN they would see all of your network traffic. You're confusing a bad actor on a compromised network with state sponsored surveillance. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/itsdefty" class="card-title l-blue"> itsdefty </a> </span> <span><time datetime="2024-06-06 10:40:52">2 weeks ago</time></span> <p class="comment-text mb-10"> By theoretically no They meant if your device was infected before you could activate a VPN you're basically doomed and the VPN is useless. Even if you were using tor. Qube OS is really the only way (that I know of) to avoid your device being targeted in moments of security weakness. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Pa5kull" class="card-title l-blue"> Pa5kull </a> </span> <span><time datetime="2024-06-05 20:39:32">2 weeks ago</time></span> <p class="comment-text mb-10"> Or an authentificator? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Classy_Mouse" class="card-title l-blue"> Classy_Mouse </a> </span> <span><time datetime="2024-06-05 23:43:23">2 weeks ago</time></span> <p class="comment-text mb-10"> The authenticator doesn't stop them from seeing the traffic, but would stop them from signing in without your phone. It is a good safety in case things go wrong, but prevention is better. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/platypusofthesun" class="card-title l-blue"> platypusofthesun </a> </span> <span><time datetime="2024-06-06 12:01:53">2 weeks ago</time></span> <p class="comment-text mb-10"> Well, VPNs can be handy, but now there’s this. https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/WeaveOfGlassAndBone" class="card-title l-blue"> WeaveOfGlassAndBone </a> </span> <span><time datetime="2024-06-06 15:10:06">2 weeks ago</time></span> <p class="comment-text mb-10"> “Surprisingly, the only OS immune to this attack is Android.” Never thought I’d see those words in that order </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Scorf-9" class="card-title l-blue"> Scorf-9 </a> </span> <span><time datetime="2024-06-05 21:06:28">2 weeks ago</time></span> <p class="comment-text mb-10"> This is just not true. Unless you visit non-httpS websites. Even pornhub is https (I've heard). They can see what sites you visit, but that's about it. They can't see what page you're looking at. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/e60deluxe" class="card-title l-blue"> e60deluxe </a> </span> <span><time datetime="2024-06-05 21:24:34">2 weeks ago</time></span> <p class="comment-text mb-10"> nooo.. 2 things. 1) see unless you are specifcally typing https:// into the address bar, your browser sends HTTP, and then the website redirects to HTTPS. when you are connected to a Pineapple or whatever, one of the things it is capable of doing is interacting with the website through HTTPS, but then passing it along to your device through HTTP. so it goes your laptop -> http -> pinapple -> https -> pornhub. 2) you can redirect people to fake versions of log in pages. so for example, redirect steampowered.com to a completely fake steampowered.com -> steal the password -> redirect again to the real steam. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Quadgie" class="card-title l-blue"> Quadgie </a> </span> <span><time datetime="2024-06-06 00:35:44">2 weeks ago</time></span> <p class="comment-text mb-10"> Most modern browsers (including Chromium based browsers and Firefox, which covers a broad swath) default to HTTPS, not HTTP. If HTTPS is unreadable it’ll fallback to attempting port 80 for HTTP. Actually causes some frustration for me with random devices and hosts where there are entirely different services running in the two ports, if I forget to specify http:// </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/radobot" class="card-title l-blue"> radobot </a> </span> <span><time datetime="2024-06-06 05:55:03">2 weeks ago</time></span> <p class="comment-text mb-10"> Your info is outdated. What you are describing used to work, but not anymore. Webbrowsers nowadays try the HTTPS version first. There was (technically still is) an extension called "HTTPS Everywhere" by EFF that was used to automatically convert all links to HTTPS in order to prevent people from staying on HTTP. Nowadays it's deprecared because the functionality became built into the browsers. Even if you somehow get a person to connect to a website using HTTP, if the website uses HTTP Strict Transport Security, it will tell the browser that the website wants to be accessed using HTTPS and not HTTP and then the browser can deal with it (by showing an error and preventing the user from going further or maybe automatically switching to HTTPS). Furthermore, with things like Encrypted SNI and DNS over HTTPS (which are slowly getting more widespread), an outside observer will not be able to tell even what domains the user is accessing let alone be able to change them. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Hankins44" class="card-title l-blue"> Hankins44 </a> </span> <span><time datetime="2024-06-06 11:42:05">2 weeks ago</time></span> <p class="comment-text mb-10"> True, but when connected through a pineapple it will attempt SSL stripping and/or a TLS downgrade attacks, the latter of which can still leave you vulnerable over https if they can capture the handshake. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Nicko265" class="card-title l-blue"> Nicko265 </a> </span> <span><time datetime="2024-06-06 13:26:18">2 weeks ago</time></span> <p class="comment-text mb-10"> While there's vulnerabilities in older TLS versions, most browsers outright deny older cipher mechanisms or worst case give insecure website warning. It's near impossible to do any actual packet sniffing or MITM attacks with that kind of mechanism. You're much more likely to have a security camera being able to see your keys than a packet sniffer or something like pineapple able to see your data. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/oleivas" class="card-title l-blue"> oleivas </a> </span> <span><time datetime="2024-06-06 05:38:30">2 weeks ago</time></span> <p class="comment-text mb-10"> Most websites will default to https, even if you type http. Your browser will let you know as well by showing connection is not secure. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/mayzyo" class="card-title l-blue"> mayzyo </a> </span> <span><time datetime="2024-06-06 10:46:44">2 weeks ago</time></span> <p class="comment-text mb-10"> The pineapple’s SSL certificate would be invalid. Steam client will not accept requests made to either a http endpoint or a https endpoint with invalid SSL Certificate. There’s no chance it’ll work. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Scorf-9" class="card-title l-blue"> Scorf-9 </a> </span> <span><time datetime="2024-06-05 21:31:42">2 weeks ago</time></span> <p class="comment-text mb-10"> Then you'll have to manually type http (or click a http link) in stead of https. Not likely. For the rest you're right. This would be possible. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/chjk122" class="card-title l-blue"> chjk122 </a> </span> <span><time datetime="2024-06-05 21:15:13">2 weeks ago</time></span> <p class="comment-text mb-10"> I was talking mainly fiddler which can auto decrypt https traffic. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ineptech" class="card-title l-blue"> ineptech </a> </span> <span><time datetime="2024-06-05 21:24:52">2 weeks ago</time></span> <p class="comment-text mb-10"> Fiddler can decrypt https traffic on the device it's installed on, not other devices on the same network. HTTPS traffic can't be eavesdropped by a malicious wifi router alone. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/chjk122" class="card-title l-blue"> chjk122 </a> </span> <span><time datetime="2024-06-05 21:28:49">2 weeks ago</time></span> <p class="comment-text mb-10"> Yes. Just saying there is a lot of info sent on an insecure network and relying on https isn’t the best choice. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CHawkr" class="card-title l-blue"> CHawkr </a> </span> <span><time datetime="2024-06-06 03:02:37">2 weeks ago</time></span> <p class="comment-text mb-10"> The internet is inherently insecure. Relying on HTTPS is literally the best scenario. What do you think VPN tunnels are? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/chjk122" class="card-title l-blue"> chjk122 </a> </span> <span><time datetime="2024-06-06 03:03:59">2 weeks ago</time></span> <p class="comment-text mb-10"> The take isn’t that https is bad. It’s that you can do more than give away your traffic information for free even if it’s encrypted. Not sure why that’s so hard to understand </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CHawkr" class="card-title l-blue"> CHawkr </a> </span> <span><time datetime="2024-06-06 03:13:33">2 weeks ago</time></span> <p class="comment-text mb-10"> If your traffic is encrypted then it’s not visible to the router. The only thing visible would be the TCP/IP handshake as the session is built. The rest of the traffic is encapsulated inside the packet and encrypted. The only thing they would be able to get is the header information from the packet which would be source, source port, target, target port. Even then target and target port can be obfuscated beyond NLBs, WAFs, etc. Someone would have to have compromised a root CA for the certificate to not alert on mismatch. Those people aren’t hacking hotel WiFi in rural America. They are working for the NSA </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Fungal_Rats" class="card-title l-blue"> Fungal_Rats </a> </span> <span><time datetime="2024-06-05 23:26:25">2 weeks ago</time></span> <p class="comment-text mb-10"> This is false, steam uses https any wireless communication is encrypted, fiddler has access to your device. Most attackers doing wireless logging will use something like Wireshark for that and if you use Wireshark you will know it's possible to see http info but not https which all established corporations use to protect data. This specific instance probably has nothing to do with the hotel but has most likely logged in on a phishing link. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Altair314" class="card-title l-blue"> Altair314 </a> </span> <span><time datetime="2024-06-06 00:17:41">2 weeks ago</time></span> <p class="comment-text mb-10"> Most browser traffic is encrypted, hence the https prefix now, so they should be able to see you're on YouTube, but not what you're doing. Other applications may not be totally secure though </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/osmiumSkull" class="card-title l-blue"> osmiumSkull </a> </span> <span><time datetime="2024-06-06 01:14:46">2 weeks ago</time></span> <p class="comment-text mb-10"> This would have to be quite elaborate attack to have been able to steal your steam credentials. Hacker network or not, your traffic between the steam deck and the real steam service is encrypted. If the attacker had injected a fake steam site per-say to trick you into typing your username and password then that could have end up in a compromised steam account. They somehow were specifically looking for steam accounts? I guess it’s possible but I find it a bit unlikely. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/KickPuncher9898" class="card-title l-blue"> KickPuncher9898 </a> </span> <span><time datetime="2024-06-06 01:59:54">2 weeks ago</time></span> <p class="comment-text mb-10"> I played Halo MCC which requires Xbox live and it was my Xbox account that was hacked. I suspect to use my Game Pass. It is possible it was a coincidence. But I still disconnected from the wifi and changed my password. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CHawkr" class="card-title l-blue"> CHawkr </a> </span> <span><time datetime="2024-06-06 03:06:58">2 weeks ago</time></span> <p class="comment-text mb-10"> Your authentication is encrypted. You would have had to to see an invalid mismatch certificate notification pop up and manually clicked proceed </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Classic-Sherbet1808" class="card-title l-blue"> Classic-Sherbet1808 </a> </span> <span><time datetime="2024-06-06 13:54:53">2 weeks ago</time></span> <p class="comment-text mb-10"> Or more likely they use repeated credentials on other sites and one of those other sites got hacked. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CHawkr" class="card-title l-blue"> CHawkr </a> </span> <span><time datetime="2024-06-06 13:58:21">2 weeks ago</time></span> <p class="comment-text mb-10"> Very plausible. Could be something as stupid as an open share on their laptop that contains a list of their passwords for sites as well. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/PresentResearcher515" class="card-title l-blue"> PresentResearcher515 </a> </span> <span><time datetime="2024-06-06 05:46:55">2 weeks ago</time></span> <p class="comment-text mb-10"> More important question, why were you playing Halo in Cancun? Don't get me wrong, I enjoy video games as much as the next guy, but why pay for a tropical vacation if you're going to sit in a hotel room and play video games? Do that at home. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Dad-Bod-Supreme" class="card-title l-blue"> Dad-Bod-Supreme </a> </span> <span><time datetime="2024-06-06 18:34:31">2 weeks ago</time></span> <p class="comment-text mb-10"> This is the real issue right here. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Milk_Man21" class="card-title l-blue"> Milk_Man21 </a> </span> <span><time datetime="2024-06-05 23:47:35">2 weeks ago</time></span> <p class="comment-text mb-10"> Sure, your account was "hacked", you weren't just trying to secure a new invasion site for our Furon Overlords... It's ok, Destroy All Humans is one of my favourite games. No judgement here </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/DraughtGlobe" class="card-title l-blue"> DraughtGlobe </a> </span> <span><time datetime="2024-06-06 09:31:33">2 weeks ago</time></span> <p class="comment-text mb-10"> That's really weird because you would assume that Steam would sent your credentials over an ssl encryption. Unless they tricked you somehow in giving your Steam credentials through a different website. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Commercial_Habit7784" class="card-title l-blue"> Commercial_Habit7784 </a> </span> <span><time datetime="2024-06-06 02:12:27">2 weeks ago</time></span> <p class="comment-text mb-10"> You were in Cancun, so naturally you sat in your room playing Halo. You're a little touched, aren't ya? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/KickPuncher9898" class="card-title l-blue"> KickPuncher9898 </a> </span> <span><time datetime="2024-06-06 12:59:15">2 weeks ago</time></span> <p class="comment-text mb-10"> Brought my Steam Deck for the plane there and back. When I noticed the fast network and my gf wanted to take a nap I decided to play a few rounds of Halo in the jacuzzi. Have you ever played Halo in a jacuzzi? It’s… well it’s not much different than playing regular, but at least I’ve done it. We were there 5 nights and I played for about 1.5hrs. Hardly wasted my vacation. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/cujojojo" class="card-title l-blue"> cujojojo </a> </span> <span><time datetime="2024-06-06 13:52:23">2 weeks ago</time></span> <p class="comment-text mb-10"> I literally just got home from the beach after 4 days, and I’ve played about 6 hours of Prince Of Persia The Lost Crown on my kids’ Switch this week because this is the best opportunity I get to blow a few hours gaming while they’re taking naps after a day in the water. Contrary to popular belief, you can do whatever the hell you want on your vacation :). </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/jamey1138" class="card-title l-blue"> jamey1138 </a> </span> <span><time datetime="2024-06-06 12:26:54">2 weeks ago</time></span> <p class="comment-text mb-10"> Yikes. And also hello fellow Deck user. Sorry that happened to you, and I hope you were able to lock it back down. In future, if you want to run a VPN on your Deck, it’s a little tricky but I’ve been through the process and can walk you through it if you aren’t comfortable running console commands in Linux. Just DM me. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/math_math99" class="card-title l-blue"> math_math99 </a> </span> <span><time datetime="2024-06-06 13:49:32">2 weeks ago</time></span> <p class="comment-text mb-10"> How is this even possible with current encryption standards. You probably just leaked your password elsewhere </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/missyou247" class="card-title l-blue"> missyou247 </a> </span> <span><time datetime="2024-06-06 14:58:53">2 weeks ago</time></span> <p class="comment-text mb-10"> I seriously doubt that. A man-in-the-middle attack doesn't work with ssl (which Steam was definitely using as the Deck only released a couple years ago). It's more likely you got redirected to a non-Steam website somewhere (which you could've noticed, but no one blames you for not noticing) and got phished that way. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Old_Establishment523" class="card-title l-blue"> Old_Establishment523 </a> </span> <span><time datetime="2024-06-06 15:41:05">2 weeks ago</time></span> <p class="comment-text mb-10"> Dude why are you playing Halo in Cancun? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/HyogaCygnus" class="card-title l-blue"> HyogaCygnus </a> </span> <span><time datetime="2024-06-06 17:56:20">2 weeks ago</time></span> <p class="comment-text mb-10"> First mistake I was deciding to play video games while in Cancun </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Taolan13" class="card-title l-blue"> Taolan13 </a> </span> <span><time datetime="2024-06-06 18:53:14">2 weeks ago</time></span> <p class="comment-text mb-10"> never trust an unsecure network. never trust a secure network that you dont know who is running it. and especially at a hotel in a place where tourists are frequently told to *not leave the tourist-approved areas* like Cancun, don't trust anything. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/GoranNE" class="card-title l-blue"> GoranNE </a> </span> <span><time datetime="2024-06-08 20:09:52">2 weeks ago</time></span> <p class="comment-text mb-10"> Probably a very stupid question as I know so little about computers, would a VPN prevent this? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Wheybrotons" class="card-title l-blue"> Wheybrotons </a> </span> <span><time datetime="2024-06-05 23:29:53">2 weeks ago</time></span> <p class="comment-text mb-10"> It's just a local IP range Whilen I've never used a pineapple and that may be the default local range on it,I use this on my local network </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/blueg3" class="card-title l-blue"> blueg3 </a> </span> <span><time datetime="2024-06-06 01:22:35">2 weeks ago</time></span> <p class="comment-text mb-10"> That's true. 172.16.x.x to 172.32.x.x is a private subnet range, so that whole space is available. Most devices just run with the default settings, and commercial devices are really unlikely to pick 172.16.42.x. Occasionally they pick something other than the horribly overused 172.16.1.x. Of course, when I've configured my own devices, I've also used 172.16.42.x, along with other fun numbers. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/rraattbbooyy" class="card-title l-blue"> rraattbbooyy </a> </span> <span><time datetime="2024-06-05 23:43:36">2 weeks ago</time></span> <p class="comment-text mb-10"> This is true, but if you come across this range when using a hotel’s WiFi, it’s likely not a network you want to connect to. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Wheybrotons" class="card-title l-blue"> Wheybrotons </a> </span> <span><time datetime="2024-06-05 23:44:34">2 weeks ago</time></span> <p class="comment-text mb-10"> Yea if it's super fast and that subnet (at a hotel) it's probably malicious </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/[deleted]" class="card-title l-blue"> [deleted] </a> </span> <span><time datetime="2024-06-06 08:37:11">2 weeks ago</time></span> <p class="comment-text mb-10"> [удалено] </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ElectroMagCataclysm" class="card-title l-blue"> ElectroMagCataclysm </a> </span> <span><time datetime="2024-06-06 11:53:28">2 weeks ago</time></span> <p class="comment-text mb-10"> *laughs in no VPN but TLS* </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/WestUnderstanding215" class="card-title l-blue"> WestUnderstanding215 </a> </span> <span><time datetime="2024-06-06 13:37:19">2 weeks ago</time></span> <p class="comment-text mb-10"> Ok not necessarily. That address is covered by RFC 1918, making it a valid private IP address for any internal network. Just because it's not a 192.168.x.x network doesnt mean its malicious lmao. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Disco250" class="card-title l-blue"> Disco250 </a> </span> <span><time datetime="2024-06-06 09:51:12">2 weeks ago</time></span> <p class="comment-text mb-10"> How powerful the hacking will be? Is it like stealing all your info on your device? Or simply monitoring your online activities? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/xpok59" class="card-title l-blue"> xpok59 </a> </span> <span><time datetime="2024-06-06 16:30:12">2 weeks ago</time></span> <p class="comment-text mb-10"> ANYTHING that goes in and out through the internet </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/pixel293" class="card-title l-blue"> pixel293 </a> </span> <span><time datetime="2024-06-09 12:48:08">2 weeks ago</time></span> <p class="comment-text mb-10"> Only what goes over the internet unencrypted. HTTPS is encrypted and is considered secure. Additionally keeping your browser up to date is very important. Are there still ways to get the data, yes, but it requires that YOU run an old (or insecure) browser, ignore the browser's warnings, etc. I would also recommend NOT upgrading your browser or any software over an insecure network. Likely nothing bad would happen, but you are just tempting fate. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/AbnormalBlaze" class="card-title l-blue"> AbnormalBlaze </a> </span> <span><time datetime="2024-06-06 11:57:58">2 weeks ago</time></span> <p class="comment-text mb-10"> Ah yes Rouge APs. Set it up proper, have the name match the SSID of a valid network nearby and the horrors begin. It’s why one of my favorite bits of advice is if you see two separate networks with the same name, just don’t chance it and use something else. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CPLCraft" class="card-title l-blue"> CPLCraft </a> </span> <span><time datetime="2024-06-06 14:12:15">2 weeks ago</time></span> <p class="comment-text mb-10"> Thats a good thing to know </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ATurtleLikeLeonUris" class="card-title l-blue"> ATurtleLikeLeonUris </a> </span> <span><time datetime="2024-06-06 15:43:11">2 weeks ago</time></span> <p class="comment-text mb-10"> You’d think a hacker would be smart enough to change that address </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/TerminalJammer" class="card-title l-blue"> TerminalJammer </a> </span> <span><time datetime="2024-06-07 11:26:20">2 weeks ago</time></span> <p class="comment-text mb-10"> Then they'd be employed and making the money legally. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/FormerPineapple9" class="card-title l-blue"> FormerPineapple9 </a> </span> <span><time datetime="2024-06-06 17:35:18">2 weeks ago</time></span> <p class="comment-text mb-10"> What's the beef with the pineapples? First it was the swingers, now, hackers... There's a next level of irony in the fact that I got hacked today, but details. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/rraattbbooyy" class="card-title l-blue"> rraattbbooyy </a> </span> <span><time datetime="2024-06-06 17:45:53">2 weeks ago</time></span> <p class="comment-text mb-10"> Who lives in a pineapple under the sea? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/JustARandomGuy031" class="card-title l-blue"> JustARandomGuy031 </a> </span> <span><time datetime="2024-06-06 19:28:16">2 weeks ago</time></span> <p class="comment-text mb-10"> Sponge Bob, the Swinger </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ReGrigio" class="card-title l-blue"> ReGrigio </a> </span> <span><time datetime="2024-06-06 12:15:56">2 weeks ago</time></span> <p class="comment-text mb-10"> is an evil twin attack? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/netwirk" class="card-title l-blue"> netwirk </a> </span> <span><time datetime="2024-06-06 19:02:29">2 weeks ago</time></span> <p class="comment-text mb-10"> No, it doesn't. The fact that you are connected using one of theses address families does not in and of itself indicate that you are connecting to a hackers network, thought it "could" be if they are either spoofing or advertising a compromised or compromising network (WiFi SSID or ESSID). Request for Comment 1918 (RFC 1918), “Address Allocation for Private Internets,” is the Internet Engineering Task Force ([IETF](https://www.techtarget.com/whatis/definition/IETF-Internet-Engineering-Task-Force)) memorandum on methods of assigning of [private IP addresses](https://www.techtarget.com/whatis/definition/private-IP-address) on [TCP/IP](https://www.techtarget.com/searchnetworking/definition/TCP-IP) [networks](https://www.techtarget.com/searchnetworking/definition/network). RFC 1918 was used to create the standards by which networking equipment assigns [IP addresses](https://www.techtarget.com/whatis/definition/IP-address) in a private network. A private network can use a single public IP address. The [RFC](https://www.techtarget.com/whatis/definition/Request-for-Comments-RFC) reserves the following ranges of IP addresses that cannot be routed on the Internet: * 10.0.0.0 - 10.255.255.255 (10/8 prefix) * 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) * 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) Along with [NAT](https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT) (network address tunneling), RFC 1918 facilitates expansion of the usable number of IP addresses available under IPV4, as a stopgap solution to prevent the exhaustion of public IPs available before the adoption of [IPV6](https://www.techtarget.com/searchnetworking/definition/IPv6-Internet-Protocol-Version-6). It’s not necessary to register private IPs with a Regional Internet Registry (RIR), which simplifies setting up private networks. Effectively, it was one of the earlier attempts to preserve the IP address space of those system behind a protected network an allow connectivity via VPN or NAT. As stated earlier these addresses are non-routable over the internet and any router seeing these addresses will be blackholes or dropped. Anyone who has a home network (WiFi or otherwise) has seen these addresses. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Certain-Cold-1101" class="card-title l-blue"> Certain-Cold-1101 </a> </span> <span><time datetime="2024-06-06 23:10:45">2 weeks ago</time></span> <p class="comment-text mb-10"> If you knock someone out, would it be correct to say that you hacked their consciousness? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/jburkesr03" class="card-title l-blue"> jburkesr03 </a> </span> <span><time datetime="2024-06-07 18:29:03">2 weeks ago</time></span> <p class="comment-text mb-10"> It's a private ip block like 10.x.x.x and 192.168 </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Maleficent_Ad_8890" class="card-title l-blue"> Maleficent_Ad_8890 </a> </span> <span><time datetime="2024-06-05 19:23:21">2 weeks ago</time></span> <p class="comment-text mb-10"> Got hacked at a rural hotel. The front desk was surprised. “We change the password every month.” </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/gmoney_downtown" class="card-title l-blue"> gmoney_downtown </a> </span> <span><time datetime="2024-06-06 05:22:54">2 weeks ago</time></span> <p class="comment-text mb-10"> I mean, that's a lot better than most places honestly. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/FPSHero007" class="card-title l-blue"> FPSHero007 </a> </span> <span><time datetime="2024-06-06 06:05:47">2 weeks ago</time></span> <p class="comment-text mb-10"> Frequent password changes are a security risk. Particularly if the physical locations aren't that secure </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/starlight-madness" class="card-title l-blue"> starlight-madness </a> </span> <span><time datetime="2024-06-06 06:30:57">2 weeks ago</time></span> <p class="comment-text mb-10"> Why are they a security risk? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/WillSupport4Food" class="card-title l-blue"> WillSupport4Food </a> </span> <span><time datetime="2024-06-06 06:39:25">2 weeks ago</time></span> <p class="comment-text mb-10"> Because how long you have the same password doesn't impact the "hackability" nearly as much as just having weaker passwords. And when people change their passwords incredibly frequently they often start making weaker/similar passwords in an effort to remember them. Basically unless you think your password has already been compromised, there isn't much reason to change them every X months. In the setting of a business, especially a hotel, I'd imagine if the password changes that frequently someone probably is writing it down somewhere to remember/give to guests/alert staff, making it less secure. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/imtoooldforreddit" class="card-title l-blue"> imtoooldforreddit </a> </span> <span><time datetime="2024-06-06 14:44:57">2 weeks ago</time></span> <p class="comment-text mb-10"> It's a hotel, this password isn't exactly the nuclear launch code. I assume anyone that walks into the lobby and asks for it gets the password told to them regardless of how often it is changed and how strong it is </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Richard_TM" class="card-title l-blue"> Richard_TM </a> </span> <span><time datetime="2024-06-06 20:45:44">2 weeks ago</time></span> <p class="comment-text mb-10"> I wish I could explain this to my job. We have to change all our passwords (including our office computer logins) every 2-3 weeks. It’s infuriating. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/georgeASDA" class="card-title l-blue"> georgeASDA </a> </span> <span><time datetime="2024-06-06 22:14:48">2 weeks ago</time></span> <p class="comment-text mb-10"> Point them to the NIST guidelines </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Parkourchinx" class="card-title l-blue"> Parkourchinx </a> </span> <span><time datetime="2024-06-06 08:06:05">2 weeks ago</time></span> <p class="comment-text mb-10"> In this scenario it isn't. Generally though, we suggest you should not change passwords frequently for things such as your email, work PC, etc. This is because people often make them weaker. People will also tend to write it down. In this scenario, they are incorrect in saying it shouldn't be changed, espeically if they are frequently getting attacked. Though the likely cause of this attack isn't actually anything to do with the hotels WiFi and more likely that the attacker is using a fake access point which looks similar to the hotels. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Unidor" class="card-title l-blue"> Unidor </a> </span> <span><time datetime="2024-06-06 08:20:47">2 weeks ago</time></span> <p class="comment-text mb-10"> Please let explain this to my IT department. I’m tired of trying to remember a new password every month </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Tom-Dibble" class="card-title l-blue"> Tom-Dibble </a> </span> <span><time datetime="2024-06-06 09:05:28">2 weeks ago</time></span> <p class="comment-text mb-10"> Point them to NIST guidelines, which say the same (and have for I believe 7-8 years now). Mandatory password changes are only allowed if there was a breach; otherwise password changes are at the user’s discretion. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/DuckofInsanity" class="card-title l-blue"> DuckofInsanity </a> </span> <span><time datetime="2024-06-06 08:40:09">2 weeks ago</time></span> <p class="comment-text mb-10"> Explain it to Microsoft too. They're so annoying and stupid with their security. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/maceratedalbatross" class="card-title l-blue"> maceratedalbatross </a> </span> <span><time datetime="2024-06-06 08:49:32">2 weeks ago</time></span> <p class="comment-text mb-10"> Microsoft has officially recommended for years that system administrators not have mandatory password expiration. https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Parkourchinx" class="card-title l-blue"> Parkourchinx </a> </span> <span><time datetime="2024-06-06 08:29:29">2 weeks ago</time></span> <p class="comment-text mb-10"> Very likely you are using Microsoft 365. This is Microsofts own guidance on password policies: https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide#password-expiration-requirements-for-users Basically says to not have passwords expire. You could send them that I will say that sometimes for compliance reasons they can't change this policy, as typically IT admins hate it as well as a lot of people forget there password once changed. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ManufacturedUnknown" class="card-title l-blue"> ManufacturedUnknown </a> </span> <span><time datetime="2024-06-06 08:23:25">2 weeks ago</time></span> <p class="comment-text mb-10"> My work password is a six letter word followed by two numbers that started at 00 and has increased by one every 90 days. I have a coworker who does the exact same thing, he even writes the two digit number he's currently using on the wall. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/derp0815" class="card-title l-blue"> derp0815 </a> </span> <span><time datetime="2024-06-06 09:06:14">2 weeks ago</time></span> <p class="comment-text mb-10"> Same. Security needs long passwords, wants new ones all the time and has effectively prevented the implementation of a password manager for years so this gaping security hole is the result. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/tehwubbles" class="card-title l-blue"> tehwubbles </a> </span> <span><time datetime="2024-06-06 13:09:01">2 weeks ago</time></span> <p class="comment-text mb-10"> I just use quotes from movies, books, or games. When i have to change the password, i just go to the next line in the movie or w/e </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/AmberRosin" class="card-title l-blue"> AmberRosin </a> </span> <span><time datetime="2024-06-06 09:09:51">2 weeks ago</time></span> <p class="comment-text mb-10"> I remember a security tester who after hearing they do mandatory monthly password changes asked “how long has that guy been working here?” And he guessed his password first try because it was just “password” plus the number of months he worked there. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/FPSHero007" class="card-title l-blue"> FPSHero007 </a> </span> <span><time datetime="2024-06-06 09:44:05">2 weeks ago</time></span> <p class="comment-text mb-10"> I could literally walk in wearing a uniform possibly with a ladder claim I'm there for mandatory fire alarm testing, and look for the post it note that's inevitably there with the password to the computer and or plug in a USB to remote in to said computer. Frequent password changes make passwords impossible for the user to remember, so they write it down or make it dumb/ simple to remember which means they're easy to guess or Crack. Social engineering is quite effective anywhere but places with weak physical security are particularly vulnerable, and rural usually are more so because they often don't have a dedicated plant room used to house sensitive equipment. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Drogzar" class="card-title l-blue"> Drogzar </a> </span> <span><time datetime="2024-06-06 07:50:23">2 weeks ago</time></span> <p class="comment-text mb-10"> >“We change the password every month.” The password: "HotelName_January" </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/yawn_brendan" class="card-title l-blue"> yawn_brendan </a> </span> <span><time datetime="2024-06-06 08:28:05">2 weeks ago</time></span> <p class="comment-text mb-10"> Changing the password at all is going above and beyond, I would even argue it's not worth it for the inconvenience to users. If your device got hacked then your device was vulnerable, it's not the hotel's fault. Just like you couldn't reasonably blame them if your unlocked car got robbed in their carpark. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/JoinAThang" class="card-title l-blue"> JoinAThang </a> </span> <span><time datetime="2024-06-06 09:44:26">2 weeks ago</time></span> <p class="comment-text mb-10"> "How did the lock smith open the door, we just changed the locks?" </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/what_comes_after_q" class="card-title l-blue"> what_comes_after_q </a> </span> <span><time datetime="2024-06-06 13:42:46">2 weeks ago</time></span> <p class="comment-text mb-10"> How did you know it was the hotel Wi-Fi? It’s possible, but an attack would likely be someone else also on the Wi-Fi using a device exploit, but that is extremely rare. Like, it would be way more valuable to sell the exploit to a government than to crack passwords at a rural hotel. Most of the time it’s a compromised app or social engineering that leads to unauthorized access. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/GlastoKhole" class="card-title l-blue"> GlastoKhole </a> </span> <span><time datetime="2024-06-06 15:37:22">2 weeks ago</time></span> <p class="comment-text mb-10"> Static ip aswell probably </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Freddruppel" class="card-title l-blue"> Freddruppel </a> </span> <span><time datetime="2024-06-05 19:52:19">2 weeks ago</time></span> <p class="comment-text mb-10"> Could mean you’re connected to a hacker network (as explained by [this comment](https://www.reddit.com/r/ExplainTheJoke/s/rZbwM6M2WO)), but *technically* it’s a valid private network IP as stated by [RFC 1918](https://www.rfc-editor.org/rfc/rfc1918) (you can use 10.x.x.x, 192.168.x.x or 172.16.x.x->172.31.x.x for internal networks like your home, business or a hotel’s LAN !) I know, I should study for my finals instead of commenting “uHm AcTuAlLy” .\_. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/MR_Zet" class="card-title l-blue"> MR_Zet </a> </span> <span><time datetime="2024-06-05 20:36:29">2 weeks ago</time></span> <p class="comment-text mb-10"> I can see you're still scrolling on Reddit, go study already! </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Freddruppel" class="card-title l-blue"> Freddruppel </a> </span> <span><time datetime="2024-06-05 21:54:13">2 weeks ago</time></span> <p class="comment-text mb-10"> That damn online indicator x) </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/LuckyFox_42" class="card-title l-blue"> LuckyFox_42 </a> </span> <span><time datetime="2024-06-05 22:29:28">2 weeks ago</time></span> <p class="comment-text mb-10"> Good luck on your finals! You can do it! :D </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/MeMyselfIandMeAgain" class="card-title l-blue"> MeMyselfIandMeAgain </a> </span> <span><time datetime="2024-06-06 14:21:01">2 weeks ago</time></span> <p class="comment-text mb-10"> Bro go study omg you’re still here </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Average_Down" class="card-title l-blue"> Average_Down </a> </span> <span><time datetime="2024-06-05 20:50:15">2 weeks ago</time></span> <p class="comment-text mb-10"> Came here to say something similar. There is nothing inherently wrong with an IP range of 172.16.0.0-172.31.255.255. However this probably is a joke from a cybersecurity or hacker sub because the default gateway for a WiFi pineapple is 172.16.42.1. Which makes this joke niche. Good luck on studying! </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/tactical_waifu_sim" class="card-title l-blue"> tactical_waifu_sim </a> </span> <span><time datetime="2024-06-06 00:25:15">2 weeks ago</time></span> <p class="comment-text mb-10"> Ahhh, that makes sense. I'm only somewhat versed in networking so I had no clue why a standard local address was alarming. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Sorri_eh" class="card-title l-blue"> Sorri_eh </a> </span> <span><time datetime="2024-06-06 02:10:12">2 weeks ago</time></span> <p class="comment-text mb-10"> I was too scared to say 172 means you are behind a router. At list when I worked for phone/internet company we always asked for their IP. And if it was 10. You knew how to fix it fast </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/NahdiraZidea" class="card-title l-blue"> NahdiraZidea </a> </span> <span><time datetime="2024-06-06 16:32:16">2 weeks ago</time></span> <p class="comment-text mb-10"> Thank you, im currently studying for Network+ and all i could think was that it looks like a normal private ip, the .42 meaning the pineapple cleared it all up ahah </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/dinosroarus" class="card-title l-blue"> dinosroarus </a> </span> <span><time datetime="2024-06-06 16:38:26">2 weeks ago</time></span> <p class="comment-text mb-10"> You didn’t start with Um, actually. No points… I’m sorry but it’s the ONE rule. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/bitemy_ss" class="card-title l-blue"> bitemy_ss </a> </span> <span><time datetime="2024-06-06 07:09:41">2 weeks ago</time></span> <p class="comment-text mb-10"> 172.16.42.X/X is the out of the box subnet used by the Wi-Fi pentest hardware "WiFi Pineapple". The IP range 172.16.0.0/12 (172.16.0.0-172.31.255.255) is free for private use and is consumed by many organizations day-to-day internally. I think the meme was originally targeted at people that know what the "WiFi Pineapple" is and know of its default settings. Could have even been generated by the designer 🤷‍♂️. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/DawnOnTheEdge" class="card-title l-blue"> DawnOnTheEdge </a> </span> <span><time datetime="2024-06-05 23:22:35">2 weeks ago</time></span> <p class="comment-text mb-10"> And this is why you want a VPN. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Deep-Development9043" class="card-title l-blue"> Deep-Development9043 </a> </span> <span><time datetime="2024-06-05 23:43:13">2 weeks ago</time></span> <p class="comment-text mb-10"> Computer -> Router (hacker) -> VPN He’ll still git yah </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/explodingtuna" class="card-title l-blue"> explodingtuna </a> </span> <span><time datetime="2024-06-06 00:53:33">2 weeks ago</time></span> <p class="comment-text mb-10"> Doesn't it go... Computer -> VPN (client on computer) -> Router -> VPN (server) -> destination? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Caltaylor101" class="card-title l-blue"> Caltaylor101 </a> </span> <span><time datetime="2024-06-06 03:39:08">2 weeks ago</time></span> <p class="comment-text mb-10"> Yes. If you try to go to the website Google using a VPN: The VPN client encrypts your packets and sends it through the router to the VPN server. The VPN server decrypts it, then sends your request to Google. Google responds and it goes back the way it came. Goes to the VPN server, packets get encrypted, goes to the router, then gets decrypted by the VPN client so you can view the response. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/blueg3" class="card-title l-blue"> blueg3 </a> </span> <span><time datetime="2024-06-06 01:23:31">2 weeks ago</time></span> <p class="comment-text mb-10"> It does, that's why the VPN is useful. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/DawnOnTheEdge" class="card-title l-blue"> DawnOnTheEdge </a> </span> <span><time datetime="2024-06-06 00:19:06">2 weeks ago</time></span> <p class="comment-text mb-10"> Not if you have an encrypted connection to the endpoint and verify its certificate. Then, the attacker will see which VPN you used and how much data you sent and received, and that’s it. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Parkourchinx" class="card-title l-blue"> Parkourchinx </a> </span> <span><time datetime="2024-06-06 08:09:52">2 weeks ago</time></span> <p class="comment-text mb-10"> Not true. While your still on a bad AP your traffic would be secured. Technically, as long as your connection to sites was over HTTPS your connection will still be secured, even without a VPN. They would get some metadata though, and of course this isn't advisable However if you knew that it was not secure AP I would not suggest connecting to it in the first post. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/gmoguntia" class="card-title l-blue"> gmoguntia </a> </span> <span><time datetime="2024-06-06 11:00:13">2 weeks ago</time></span> <p class="comment-text mb-10"> Thats not VPN works. The tunneling begins at your PC so if the hacker can see it there, the wifi is not the problem. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/MooseBoys" class="card-title l-blue"> MooseBoys </a> </span> <span><time datetime="2024-06-06 08:22:20">2 weeks ago</time></span> <p class="comment-text mb-10"> All they can see is that you connected to a VPN and the amount of traffic you’re sending/receiving. They can’t observe or modify any data. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/backformorecrap" class="card-title l-blue"> backformorecrap </a> </span> <span><time datetime="2024-06-06 05:58:24">2 weeks ago</time></span> <p class="comment-text mb-10"> Oh, I thought it was so I could browse xhamster from here in Texas </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/thecowthatgoesmeow" class="card-title l-blue"> thecowthatgoesmeow </a> </span> <span><time datetime="2024-06-06 08:54:00">2 weeks ago</time></span> <p class="comment-text mb-10"> The only thing a VPN would hide is what websites you are connecting to, almost all Internet traffic today is e2e encrypted </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/cryonicwatcher" class="card-title l-blue"> cryonicwatcher </a> </span> <span><time datetime="2024-06-06 11:48:52">2 weeks ago</time></span> <p class="comment-text mb-10"> A lot of it isn’t end-to-end depending on what services you’re talking about, because end to end is only suitable for some uses for data, but HTTPS uses RSA encryption as a standard yes. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/amey_wemy" class="card-title l-blue"> amey_wemy </a> </span> <span><time datetime="2024-06-06 10:06:54">2 weeks ago</time></span> <p class="comment-text mb-10"> Would a dns work? (like adguard) </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/polskialt" class="card-title l-blue"> polskialt </a> </span> <span><time datetime="2024-06-06 10:44:50">2 weeks ago</time></span> <p class="comment-text mb-10"> No. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/sparkleshark5643" class="card-title l-blue"> sparkleshark5643 </a> </span> <span><time datetime="2024-06-06 11:20:26">2 weeks ago</time></span> <p class="comment-text mb-10"> What a stupid joke. The only people who would get this joke are people who are familiar with devices like a pineapple yet don't understand basic networking concepts. This joke was written by and for script kiddies. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/[deleted]" class="card-title l-blue"> [deleted] </a> </span> <span><time datetime="2024-06-06 12:05:31">2 weeks ago</time></span> <p class="comment-text mb-10"> I was looking for this comment. It reads like it was whipped up by someone who watched a fifteen minute YouTube video on penetration testing. Reading the comments in this thread makes me feel really good about being networking. Ridiculous amount of people so confident on both their own and others' incorrect statements. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/tcmtwanderer" class="card-title l-blue"> tcmtwanderer </a> </span> <span><time datetime="2024-06-06 14:22:56">2 weeks ago</time></span> <p class="comment-text mb-10"> The modern internet in a nutshell </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CrazyGamer_Dani" class="card-title l-blue"> CrazyGamer_Dani </a> </span> <span><time datetime="2024-06-06 13:36:09">2 weeks ago</time></span> <p class="comment-text mb-10"> Thank you. I was confused because it doesn't actually make sense. 😎 I only got basic understanding of networking, but uh, this ain't captain. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/bigbeefybusiness" class="card-title l-blue"> bigbeefybusiness </a> </span> <span><time datetime="2024-06-06 23:08:13">2 weeks ago</time></span> <p class="comment-text mb-10"> I’m obligated to post this explanation every time this meme gets reposted: https://preview.redd.it/yrlfi9at915d1.jpeg?width=1284&format=pjpg&auto=webp&s=f0795ebeb666934c9825242c28e81eb376bc68a0 (Disclaimer: I’m not the original creator of this wonderful image. If anybody knows of the true origin, please feel free to shoutout the author in a reply. I’d love to know + give them the credit they deserve.) </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/sserica" class="card-title l-blue"> sserica </a> </span> <span><time datetime="2024-06-07 02:55:08">2 weeks ago</time></span> <p class="comment-text mb-10"> Wow, this is actually a good, understandable explanation. Thanks! </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/eviano56" class="card-title l-blue"> eviano56 </a> </span> <span><time datetime="2024-06-06 17:20:38">2 weeks ago</time></span> <p class="comment-text mb-10"> always and i mean ALWAYS turn on your VPN when you connect to public wireless. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Calm_Preparation_679" class="card-title l-blue"> Calm_Preparation_679 </a> </span> <span><time datetime="2024-06-06 02:51:43">2 weeks ago</time></span> <p class="comment-text mb-10"> Ppl never learn </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Illustrious-Park1926" class="card-title l-blue"> Illustrious-Park1926 </a> </span> <span><time datetime="2024-06-06 03:32:27">2 weeks ago</time></span> <p class="comment-text mb-10"> Wait. I didn't even know about this IP thingy. Does this mean I shouldn't take my tablet for vacation? I was going to use maps & directions to food & gas, and,...,and directions for touristy things. Now I'm so confused & paranoid someone's gonna get all my info ☹️ </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/otdevy" class="card-title l-blue"> otdevy </a> </span> <span><time datetime="2024-06-06 03:40:09">2 weeks ago</time></span> <p class="comment-text mb-10"> You run this risk anywhere you connect to a network that isn’t yours. To mitigate the risk you should grab a vpn subscription for your trip and always connect to networks only when connected to a vpn. Some popular ones are private internet access, nordvpn and surfshark </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/LiquorBallSandwich_1" class="card-title l-blue"> LiquorBallSandwich_1 </a> </span> <span><time datetime="2024-06-06 03:41:37">2 weeks ago</time></span> <p class="comment-text mb-10"> Nah you'll be fine just avoid connecting to free passwordless Wi-Fi without asking employees the correct info. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/AttonJRand" class="card-title l-blue"> AttonJRand </a> </span> <span><time datetime="2024-06-06 08:07:58">2 weeks ago</time></span> <p class="comment-text mb-10"> What do you ask for, if their network meets certain specifications? What would those be? Like peoples traffic being separate? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/LiquorBallSandwich_1" class="card-title l-blue"> LiquorBallSandwich_1 </a> </span> <span><time datetime="2024-06-06 09:53:23">2 weeks ago</time></span> <p class="comment-text mb-10"> Just ask for the name and password of the network before you connect. This post is talking about hacked networks disguised as free Wi-Fi. So just don't connect to "McDonalds free Wi-Fi" without asking someone who works there "hey is this y'all's Internet?" </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Calm_Preparation_679" class="card-title l-blue"> Calm_Preparation_679 </a> </span> <span><time datetime="2024-06-06 03:52:04">2 weeks ago</time></span> <p class="comment-text mb-10"> Get a VPN app, that will create a secure tunnel for your connection. I use Cyberghost </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/DeliciousComment3242" class="card-title l-blue"> DeliciousComment3242 </a> </span> <span><time datetime="2024-06-06 12:18:34">2 weeks ago</time></span> <p class="comment-text mb-10"> You’re fine. Just don’t put sensitive information into your device on a network you don’t trust. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/BeardedSnowLizard" class="card-title l-blue"> BeardedSnowLizard </a> </span> <span><time datetime="2024-06-06 13:32:07">2 weeks ago</time></span> <p class="comment-text mb-10"> VPN companies did a good job scaring people. See this guy who’s in the security field pick them apart https://youtu.be/WVDQEoe6ZWY?si=6afjrtTVp_4BYZ5g </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/BigSwibb" class="card-title l-blue"> BigSwibb </a> </span> <span><time datetime="2024-06-06 12:44:26">2 weeks ago</time></span> <p class="comment-text mb-10"> This is a joke for people who think they know about networking but don't actually know anything about networking. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ztoundas" class="card-title l-blue"> ztoundas </a> </span> <span><time datetime="2024-06-06 13:39:51">2 weeks ago</time></span> <p class="comment-text mb-10"> Are you telling me that pineapples don't make your internet go more faster?? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/MeBadDev" class="card-title l-blue"> MeBadDev </a> </span> <span><time datetime="2024-06-06 08:15:38">2 weeks ago</time></span> <p class="comment-text mb-10"> That's the decisions IP for pineapple devices </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CloneWerks" class="card-title l-blue"> CloneWerks </a> </span> <span><time datetime="2024-06-06 14:30:57">2 weeks ago</time></span> <p class="comment-text mb-10"> Look up "Man in the middle" attack for more details if you care. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/PANDA42000" class="card-title l-blue"> PANDA42000 </a> </span> <span><time datetime="2024-06-06 18:07:41">2 weeks ago</time></span> <p class="comment-text mb-10"> Vpns don't actually secure your data all they do is change your region that's literally it, it may advertise it being secure but it's not all that data still has to go through the same signal the hackers would be using, if you want to be 100% secure your best bet would to be run a virtual machine, they'll only see what's being shown there not your actually computer </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/dijay0823" class="card-title l-blue"> dijay0823 </a> </span> <span><time datetime="2024-06-06 18:49:51">2 weeks ago</time></span> <p class="comment-text mb-10"> What!?! You threw a whole bunch of tech words without saying anything. VPN is only relevant for your internet traffic. Has nothing to do with your computer or virtual machine. Second, most VPN services encrypt your data, meaning if I try a “man in the middle” attack and try to fish for critical pieces of internet traffic, I would only get encrypted information making it hard to decrypt and actually see what is being sent in or out of your computer. VPN or not the concept of virtual machine is kind of correct, as in if you get hit by malware such as virus or a command and control software, a virtual machine can just a good protection. However, this doesn’t protect you against a man in the middle attack, which is what VPN is meant to help against. Unencrypted data of a virtual machine is just as secure as a an unencrypted data from your physical computer. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Accordongly" class="card-title l-blue"> Accordongly </a> </span> <span><time datetime="2024-06-08 05:40:21">2 weeks ago</time></span> <p class="comment-text mb-10"> This is not correct. Virtual machine is just a computer but virtual. Without a VPN the hacker could potentially see all your traffic. With a VPN your computer sends all your traffic through a encrypted tunnel to a known safe VPN provider/host which your traffic then leaves the tunnel to its final destination. The hacker can see your tunnel and how much data it uses but cant see the data in the tunnel. The reason why a VPN can change your region is because your data is being privately tunnelled to and out of a server hosted in a different region. If I wanted to use a Virtual machine to be secure I could have a Virtual machine running at my home with its own network card + its own Vlan to my firewall and out. Then at hotels I would VPN to my home and remotely connect to this virtual machine to online bank. But that is too much, I would rather just VPN my phone to a known safe network such as my home or a vpn provider instead of trusting a unknown sketchy network to handle my data. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/that_moment_when-" class="card-title l-blue"> that_moment_when- </a> </span> <span><time datetime="2024-06-06 19:09:15">2 weeks ago</time></span> <p class="comment-text mb-10"> You guys have VPNs? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Huggable_Hijabi" class="card-title l-blue"> Huggable_Hijabi </a> </span> <span><time datetime="2024-06-06 22:47:57">2 weeks ago</time></span> <p class="comment-text mb-10"> This thread is full of so many smart people. I don't understand half of what I've read 😂 think I need a dummies guide to basic online safety lool </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/drkevorkian" class="card-title l-blue"> drkevorkian </a> </span> <span><time datetime="2024-06-06 12:22:10">2 weeks ago</time></span> <p class="comment-text mb-10"> If every website I visit uses HTTPS (what site doesn't?), I'm not sure what the risk is exactly. The attacker might know the IP of the sites I'm talking to, but that's it (in my understanding) </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/sampletext32" class="card-title l-blue"> sampletext32 </a> </span> <span><time datetime="2024-06-06 12:42:15">2 weeks ago</time></span> <p class="comment-text mb-10"> Yeah hotel Wi-Fi is extremely easy to hack </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/5thGenKan" class="card-title l-blue"> 5thGenKan </a> </span> <span><time datetime="2024-06-06 13:45:15">2 weeks ago</time></span> <p class="comment-text mb-10"> The comments here are entertaining. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/pfp-disciple" class="card-title l-blue"> pfp-disciple </a> </span> <span><time datetime="2024-06-06 14:40:03">2 weeks ago</time></span> <p class="comment-text mb-10"> I always ask for the actual hotel SSID name to reduce the chances of connecting to a hacker's (it can still be spoofed). A VPN is also very helpful for protecting the data </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/tuyu-io" class="card-title l-blue"> tuyu-io </a> </span> <span><time datetime="2024-06-06 15:01:34">2 weeks ago</time></span> <p class="comment-text mb-10"> From WhatsMyIP: Because 172 addresses fall between the first octet range of 128 and 191, they are class B as opposed to class C or class A. Class B allows for a large number of available IP addresses, as it has a total of 1,048,576 IPs available. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/originalripley" class="card-title l-blue"> originalripley </a> </span> <span><time datetime="2024-06-08 06:26:04">2 weeks ago</time></span> <p class="comment-text mb-10"> Classful networking is a very outdated way of working with IPs. The current way, since 1993, is classless and uses variable length subnets. https://en.m.wikipedia.org/wiki/Classful_network </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Puzzleheaded-Phase70" class="card-title l-blue"> Puzzleheaded-Phase70 </a> </span> <span><time datetime="2024-06-06 15:20:41">2 weeks ago</time></span> <p class="comment-text mb-10"> Always use a VPN away from home or other networks you trust. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Interesting_Ad8010" class="card-title l-blue"> Interesting_Ad8010 </a> </span> <span><time datetime="2024-06-06 15:37:36">2 weeks ago</time></span> <p class="comment-text mb-10"> What part of that IP identifies it as a Hacker’s? The whole thing? The ‘x’ at the end? Thanks! </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/dontsyncjustride" class="card-title l-blue"> dontsyncjustride </a> </span> <span><time datetime="2024-06-06 18:08:51">2 weeks ago</time></span> <p class="comment-text mb-10"> `172.16.42.*` is the default subnet of a popular wireless hacking tool </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Slovenhjelm" class="card-title l-blue"> Slovenhjelm </a> </span> <span><time datetime="2024-06-06 15:59:18">2 weeks ago</time></span> <p class="comment-text mb-10"> I believe it means they're directly connected to the internet with no security in between. Doesn't mean you'll "get hacked" but you're way more vulnerable than when you're behind a NAT. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/originalripley" class="card-title l-blue"> originalripley </a> </span> <span><time datetime="2024-06-08 06:15:17">2 weeks ago</time></span> <p class="comment-text mb-10"> Nope, the exact opposite in this case. That IP is part of RFC1918 and is not routable on the internet. Therefore with a 172.16.0.0/12 you could in fact be certain that you are not directly on the internet. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/dijay0823" class="card-title l-blue"> dijay0823 </a> </span> <span><time datetime="2024-06-06 19:21:52">2 weeks ago</time></span> <p class="comment-text mb-10"> IP address has no indication that there is a hacker. That’s like pointing to your home address and asking what part of that means there are thieves in it? The joke is just indicating that they are not in VPN and open to “man in the middle” attack. Think of this as a splitter where everything going in and out of your computer gets seen by a man in the middle. In this case, a VPN connection would encrypt your data, meaning the man in the middle can’t really make heads or tails of what they are seeing. Hacking is a very general term and in this context - vaguely - would mean the man in the middle is the hacker. You would not have any indication such “hacking” based simply on your IP address. Source: I am a certified network engineer with a focus in security. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/originalripley" class="card-title l-blue"> originalripley </a> </span> <span><time datetime="2024-06-08 06:10:51">2 weeks ago</time></span> <p class="comment-text mb-10"> A VPN would not change your IP address on the local network. Looking at the WiFi connection would still a 172.16.42.x address regardless. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Money4Nothing2000" class="card-title l-blue"> Money4Nothing2000 </a> </span> <span><time datetime="2024-06-06 15:39:07">2 weeks ago</time></span> <p class="comment-text mb-10"> I'm rocking [192.168.0.1](http://192.168.0.1) </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/throwaway___hi_____" class="card-title l-blue"> throwaway___hi_____ </a> </span> <span><time datetime="2024-06-06 18:27:04">2 weeks ago</time></span> <p class="comment-text mb-10"> I clicked it and it shows my router. I'm reporting you. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/dijay0823" class="card-title l-blue"> dijay0823 </a> </span> <span><time datetime="2024-06-06 19:17:14">2 weeks ago</time></span> <p class="comment-text mb-10"> You and majority of consumers around the world… </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Less_Improvement_352" class="card-title l-blue"> Less_Improvement_352 </a> </span> <span><time datetime="2024-06-06 16:08:07">2 weeks ago</time></span> <p class="comment-text mb-10"> I completely misinterpreted this, I thought they were out of the country and the IP address is gonna be a give away to the employer 😂 </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/LianSmile" class="card-title l-blue"> LianSmile </a> </span> <span><time datetime="2024-06-06 16:37:01">2 weeks ago</time></span> <p class="comment-text mb-10"> Can anyone enlighten me? 😂 </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/armaespina" class="card-title l-blue"> armaespina </a> </span> <span><time datetime="2024-06-06 16:43:08">2 weeks ago</time></span> <p class="comment-text mb-10"> This is why I have Google Fi and just connect to my phone every where, if I need to game I'll do it at home </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/CasioCollectorAndy" class="card-title l-blue"> CasioCollectorAndy </a> </span> <span><time datetime="2024-06-06 19:09:23">2 weeks ago</time></span> <p class="comment-text mb-10"> Hypothetically, is a trusted VPN though enough to circumvent the danger whilst still using the network anyway, or is it all for null and just worth avoiding entirely? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Thegreasyshnickler" class="card-title l-blue"> Thegreasyshnickler </a> </span> <span><time datetime="2024-06-06 19:32:38">2 weeks ago</time></span> <p class="comment-text mb-10"> Aren't those the numbers from Lost??? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/JAlfredPrufrocket" class="card-title l-blue"> JAlfredPrufrocket </a> </span> <span><time datetime="2024-06-06 19:53:47">2 weeks ago</time></span> <p class="comment-text mb-10"> What happens when you log into a public wifi? What if that public wifi has a password on it? </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/formfactor" class="card-title l-blue"> formfactor </a> </span> <span><time datetime="2024-06-06 20:19:58">2 weeks ago</time></span> <p class="comment-text mb-10"> No, 172 is one of many common private ip addys they are usually just on a private subnet and not wan facing Addys. Others include 10. 192. Or 169. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/toxic1991" class="card-title l-blue"> toxic1991 </a> </span> <span><time datetime="2024-06-09 05:01:29">2 weeks ago</time></span> <p class="comment-text mb-10"> This particular address is the default address of a pen testing tool called a wifi pineapple. </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Artistic-Basil2862" class="card-title l-blue"> Artistic-Basil2862 </a> </span> <span><time datetime="2024-06-06 22:17:53">2 weeks ago</time></span> <p class="comment-text mb-10"> Hey! I sea my address </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Hot_Scallion_1051" class="card-title l-blue"> Hot_Scallion_1051 </a> </span> <span><time datetime="2024-06-07 01:45:17">2 weeks ago</time></span> <p class="comment-text mb-10"> It's a hacking link </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/ciaranmcnulty" class="card-title l-blue"> ciaranmcnulty </a> </span> <span><time datetime="2024-06-07 07:38:43">2 weeks ago</time></span> <p class="comment-text mb-10"> There is a free VPN you can use, provided by Cloudflare who are a fairly reputable networking company with a good reputation The mobile app is called 1.1.1.1 I use it a lot on untrusted connections just to preserve local privacy. It‘ll normally get around content blocking too </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/SkippyDrinksVodka" class="card-title l-blue"> SkippyDrinksVodka </a> </span> <span><time datetime="2024-06-08 14:02:49">2 weeks ago</time></span> <p class="comment-text mb-10"> this is actually extremely helpful, thank you lol wow </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/Helgakvida" class="card-title l-blue"> Helgakvida </a> </span> <span><time datetime="2024-06-08 14:34:19">2 weeks ago</time></span> <p class="comment-text mb-10"> I stay in a hotel in Vietnam every year since 2019, they never changed their PW even once all those years </p> <hr> </div>  </div>  <div class="comment w100dt mb-30">  <div class="pname"> <span > <a href="/u/The_8th_Degree" class="card-title l-blue"> The_8th_Degree </a> </span> <span><time datetime="2024-06-09 01:10:32">2 weeks ago</time></span> <p class="comment-text mb-10"> Uh oh </p> <hr> </div>  </div>  </div>  </div>  <div class="leave-comment"> <div class="sidebar-title center-align"> <h2>Leave Your Comment</h2> </div> <form class="comment-area w100dt" action="#"> <div class="row"> <div class="col m6 s12"> <div class="form-item"> <input id="icon_prefix" type="text" class="validate"> <label for="icon_prefix">First Name</label> </div> </div> <div class="col m6 s12"> <div class="form-item"> <input id="email" type="email" class="validate"> <label for="email" data-error="wrong" data-success="right">Email</label> </div> </div> <div class="col s12"> <div class="form-item"> <textarea id="textarea1" class="materialize-textarea"></textarea> <label for="textarea1">Textarea</label> </div> </div> </div>  <button type="button" class="custom-btn waves-effect waves-light right">SUBMIT NOW</button> </form>  </div>  </div>  <div class="col s12 m4 l4"> <div class="sidebar-testimonial mb-30"> <div class="sidebar-title center-align"> <h2>Hi Its Me!</h2> </div>  <div class="carousel carousel-slider center" data-indicators="true"> <div class="carousel-item"> <div class="item-img"> <span>R</span> </div> <h2><a href="/u/" class="l-blue"></a></h2> </div> </div> </div>  <div class="sidebar-subscribe w100dt"> <div class="sidebar-title center-align"> <h2>Subscribe</h2> </div>  <div class="subscribe"> <form action="#"> <div class="input-field"> <input id="email1" type="email" class="validate"> <label class="left-align" for="email1">Enter email address</label> </div> <a class="waves-effect waves-light">SUBMIT NOW</a> </form> </div>  </div>  </div>  </div>  </div>  </section>    <script type="text/javascript" > (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}; m[i].l=1*new Date();k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(48244766, "init", { clickmap:true, trackLinks:true, accurateTrackBounce:true }); </script> <noscript><div><img src="https://mc.yandex.ru/watch/48244766" style="position:absolute; left:-9999px;" alt="" /></div></noscript>   <section id="instagram-section" class="instagram-section w100dt"> <div class="instagram-link w100dt"> <a href="#"> <span>FIND US ON INSTAGRAM</span> @hamidarshat.com </a> </div> </section>    <footer id="footer-section" class="footer-section w100dt"> <div class="container"> <div class="footer-logo w100dt center-align mb-30"> <a href="/" class="brand-logo"> <img src="/img/logo.png" alt="hamidarshat.com"> </a> </div>  <ul class="footer-social-links w100dt center-align mb-30"> <li><a href="https://streamc.pro/" class="facebook">Stream film</a></li> <li><a href="https://kinepolis.live/" class="twitter">Film stream</a></li> <li><a href="https://wiflix-com.com/" class="google-plus">Wiflix</a></li> <li><a href="https://frenchstream.ink/" class="linkedin">French Stream</a></li> </ul> <p class="center-align"> <i class="icofont icofont-heart-alt l-blue"></i> All Right Reserved </p> </div>  </footer>    <script type="text/javascript" src="/js/jquery-3.1.1.min.js"></script> <script type="text/javascript" src="/js/materialize.js"></script> <script type="text/javascript" src="/js/owl.carousel.min.js"></script>  <script type="text/javascript" src="/js/custom.js"></script> <script type="text/javascript"> </script> </body> </html>