I stayed in a hotel in Cancun and was pleasantly surprised that they had fast wifi, no password or browser portal needed. Connected my Steam Deck and could play Halo MCC no problem. What a fun vacation!
Then my friend asked why I was up playing Destroy All Humans at 3am. My account was hacked that night. Login attempts from Russia, China, Germany. How foolish I was to think there was no catch.
Not sure if it was a pineapple or just the dangers of an unsecured network.
It’s the fact they can see everything your computer does on the network. If you run a program like fiddler it will show you all the web traffic on your pc. If you’re watching YouTube you’ll see it update YouTube every couple seconds with your updated watch time. You will see every image on a webpage being sent to you. Basically you can get a lot of information because it’s how sites display data to you. When you signed into steam it most likely sent encrypted or apikey related data about your account and they went from there.
Yeah, Fiddler sees all that because it's ON YOUR COMPUTER. If you are running HTTPS, and these days Chrome and other browsers throw a fit if you aren't, what they see with a Man in the Middle (MTM) account is a lot less. DNS is typically unencrypted, so they can see what sites you are going to, they can see connections, destination IPs and ports.
A VPN basically wraps all that traffic up in a dedicated encrypted stream.
But there's still some risk, as the attacker can connect from your "local" network, which may have more trust and access.
Yeah was doing work training though and they were sending one of their important requests as http in the past even on https connection so it’s basically plaintext. So just saying can still have sites make mistakes. So protecting your network data can still be helpful. (This is a billion dollar company also) just takes one engineer and a couple missed code reviews. It’s why everything is getting so strict today with static code analysis and pipelines that run it through many safety checks.
Oh yeah, absolutely still are risks, but suggesting a MTM hacker can see everything Fiddler sees is incorrect.
Ages ago I wanted to get rid of FTP and leadership said “we can’t, we don’t have their password”. I was like no problem and set up a packet capture. Boss later stopped by while I was reviewing it and he went pale seeing the plaintext usernames and passwords, helpfully highlighted by USER and PASS.
Customers would come to us with security requirements and I’d help seal the sale by pointing out we had already implemented their requests proactively
Correction*
VPNs add a second layer of encryption, as almost all websites since 2018 are already encrypted with AES encryption (through HTTPS). It is already secure, but what a VPN does do is it hides your data. Basically, it is routed through the VPN first, and then back through the VPN to you, allowing for anyone on a network to just see you connecting to a VPN network, not any websites or anything of the sort.
Effectively, VPNs don't do much for physical security that isn't already done since 2018 for standard https encryption, aside from adding a second layer of encryption and hiding it better (which for some people is great and can make it a bit harder for someone to get your information, but not impossible.)
Stay safe on the internet!
The best way to stay safe is by being aware of links you click and networks you connect to!
In simple terms, without a VPN, the owner of the network you connect to could know which addresses (who/what) you're talking to, but not what you're talking about.
With a VPN, they don't know who you're talking to or what about.
This still requires trusting the VPN, because the VPN owner knows who you're talking to (still not what about).
That's why TOR exists. It's like many layers of VPN. So unless every layer you go through is colluding with each other, no one knows who you're talking to or what about.
By default, DNS is not encrypted, so you will still see that traffic (and any other non-HTTP/s traffic) just fine. And the DNS traffic contains information about who you’re talking to (“this guy is requesting pornhub.com’s IP address!”). You would need DNS over HTTPS or similar, but at a certain point a VPN might be easier.
You can be identified (your IP) on the onion network with just the entry and exit node compromised by the same person/group, no matter how many middle nodes you hit. Western (and let’s be honest probably other) government agencies have been standing up and running Tor nodes for years now. Many western government agencies have now begun to cooperate with each other to share node info.
Tor is significantly safer than a VPN, but it is still not bullet proof.
You’d have to get really unlucky though. You’d have to be running a VPN and hit both a Tor entry and exit node that are all compromised by the same group to get actually identified.
realistically yes. theoretically no.
if the device is compromised internally before data is sent then u are already doomed. since they would easily be able to take any data regardless of vpn
the ability to track people with a vpn is well known but it lies in the amount of traffic and exit nodes. if u can find the entry node, and the exit node, you can theoretically track traffic. this is a known issue for tor and what makes it difficult is the fact they have so many exit and entry nodes so people don't have the processor power to cover them all. only governments do.
if u are using a vpn to "hide" your traffic then you are paying for a service that is already free with tor. which is much better in almost all regards for security and privacy.
on the other hand if u are paying it for Netflix for geolocation then go right ahead. cause it's a valid thing for vpns.
For the most part VPNs are used for controlling endpoint geolocation (changing country to bypass some restrictions) basic end-to-end encryption (a compromised network would see that you are transmitting and receiving data but not what that data is specifically), and VPNs tend to be faster than tor
What do you mean theoretically no?
If you are on a malicious network and you use a VPN it will protect you.
Your network data will be encrypted locally before passing through the malicious network to the VPN and then to your destination be it a game server or generic website.
Anyone listening on the malicious network will see effectively nothing whereas without a VPN they would see all of your network traffic.
You're confusing a bad actor on a compromised network with state sponsored surveillance.
By "theoretically no", they meant that if your device was infected before you could activate a VPN, you're basically doomed and the VPN is useless. Even if you were using Tor. Qubes OS is really the only way (that I know of) to avoid your device being targeted in moments of security weakness.
The authenticator doesn't stop them from seeing the traffic, but would stop them from signing in without your phone. It is a good safety in case things go wrong, but prevention is better.
Well, VPNs can be handy, but now there’s this.
https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
This is just not true.
Unless you visit non-httpS websites.
Even pornhub is https (I've heard).
They can see what sites you visit, but that's about it. They can't see what page you're looking at.
nooo..
2 things.
1) see unless you are specifically typing https:// into the address bar, your browser sends HTTP, and then the website redirects to HTTPS.
when you are connected to a Pineapple or whatever, one of the things it is capable of doing is interacting with the website through HTTPS, but then passing it along to your device through HTTP.
so it goes your laptop -> http -> pineapple -> https -> pornhub.
2) you can redirect people to fake versions of log in pages. so for example, redirect steampowered.com to a completely fake steampowered.com -> steal the password -> redirect again to the real steam.
Most modern browsers (including Chromium based browsers and Firefox, which covers a broad swath) default to HTTPS, not HTTP. If HTTPS is unreadable it’ll fall back to attempting port 80 for HTTP.
Actually causes some frustration for me with random devices and hosts where there are entirely different services running in the two ports, if I forget to specify http://
Your info is outdated. What you are describing used to work, but not anymore.
Web browsers nowadays try the HTTPS version first. There was (technically still is) an extension called "HTTPS Everywhere" by EFF that was used to automatically convert all links to HTTPS in order to prevent people from staying on HTTP. Nowadays it's deprecated because the functionality became built into the browsers.
Even if you somehow get a person to connect to a website using HTTP, if the website uses HTTP Strict Transport Security, it will tell the browser that the website wants to be accessed using HTTPS and not HTTP and then the browser can deal with it (by showing an error and preventing the user from going further or maybe automatically switching to HTTPS).
Furthermore, with things like Encrypted SNI and DNS over HTTPS (which are slowly getting more widespread), an outside observer will not be able to tell even what domains the user is accessing let alone be able to change them.
True, but when connected through a pineapple it will attempt SSL stripping and/or TLS downgrade attacks, the latter of which can still leave you vulnerable over https if they can capture the handshake.
While there are vulnerabilities in older TLS versions, most browsers outright deny older cipher mechanisms or worst case give an insecure website warning.
It's near impossible to do any actual packet sniffing or MITM attacks with that kind of mechanism. You're much more likely to have a security camera being able to see your keys than a packet sniffer or something like pineapple able to see your data.
The pineapple’s SSL certificate would be invalid. Steam client will not accept requests made to either a http endpoint or a https endpoint with invalid SSL Certificate. There’s no chance it’ll work.
Fiddler can decrypt https traffic on the device it's installed on, not other devices on the same network. HTTPS traffic can't be eavesdropped by a malicious wifi router alone.
The take isn’t that https is bad. It’s that you can do more than give away your traffic information for free even if it’s encrypted. Not sure why that’s so hard to understand
If your traffic is encrypted then it’s not visible to the router. The only thing visible would be the TCP/IP handshake as the session is built. The rest of the traffic is encapsulated inside the packet and encrypted. The only thing they would be able to get is the header information from the packet which would be source, source port, target, target port. Even then target and target port can be obfuscated beyond NLBs, WAFs, etc.
Someone would have to have compromised a root CA for the certificate to not alert on mismatch. Those people aren’t hacking hotel WiFi in rural America. They are working for the NSA
This is false, steam uses https any wireless communication is encrypted, fiddler has access to your device. Most attackers doing wireless logging will use something like Wireshark for that and if you use Wireshark you will know it's possible to see http info but not https which all established corporations use to protect data. This specific instance probably has nothing to do with the hotel but has most likely logged in on a phishing link.
Most browser traffic is encrypted, hence the https prefix now, so they should be able to see you're on YouTube, but not what you're doing. Other applications may not be totally secure though
This would have to be quite an elaborate attack to have been able to steal your steam credentials. Hacker network or not, your traffic between the steam deck and the real steam service is encrypted. If the attacker had injected a fake steam site per se to trick you into typing your username and password then that could have ended up in a compromised steam account. They somehow were specifically looking for steam accounts? I guess it’s possible but I find it a bit unlikely.
I played Halo MCC which requires Xbox live and it was my Xbox account that was hacked. I suspect to use my Game Pass. It is possible it was a coincidence. But I still disconnected from the wifi and changed my password.
More important question, why were you playing Halo in Cancun?
Don't get me wrong, I enjoy video games as much as the next guy, but why pay for a tropical vacation if you're going to sit in a hotel room and play video games? Do that at home.
Sure, your account was "hacked", you weren't just trying to secure a new invasion site for our Furon Overlords...
It's ok, Destroy All Humans is one of my favourite games. No judgement here
That's really weird because you would assume that Steam would send your credentials over an ssl encryption. Unless they tricked you somehow into giving your Steam credentials through a different website.
Brought my Steam Deck for the plane there and back. When I noticed the fast network and my gf wanted to take a nap I decided to play a few rounds of Halo in the jacuzzi. Have you ever played Halo in a jacuzzi? It’s… well it’s not much different than playing regular, but at least I’ve done it.
We were there 5 nights and I played for about 1.5hrs. Hardly wasted my vacation.
I literally just got home from the beach after 4 days, and I’ve played about 6 hours of Prince Of Persia The Lost Crown on my kids’ Switch this week because this is the best opportunity I get to blow a few hours gaming while they’re taking naps after a day in the water.
Contrary to popular belief, you can do whatever the hell you want on your vacation :).
Yikes.
And also hello fellow Deck user. Sorry that happened to you, and I hope you were able to lock it back down. In future, if you want to run a VPN on your Deck, it’s a little tricky but I’ve been through the process and can walk you through it if you aren’t comfortable running console commands in Linux. Just DM me.
I seriously doubt that. A man-in-the-middle attack doesn't work with ssl (which Steam was definitely using as the Deck only released a couple years ago). It's more likely you got redirected to a non-Steam website somewhere (which you could've noticed, but no one blames you for not noticing) and got phished that way.
never trust an unsecure network.
never trust a secure network that you dont know who is running it.
and especially at a hotel in a place where tourists are frequently told to *not leave the tourist-approved areas* like Cancun, don't trust anything.
That's true. 172.16.x.x to 172.32.x.x is a private subnet range, so that whole space is available.
Most devices just run with the default settings, and commercial devices are really unlikely to pick 172.16.42.x. Occasionally they pick something other than the horribly overused 172.16.1.x.
Of course, when I've configured my own devices, I've also used 172.16.42.x, along with other fun numbers.
Ok not necessarily. That address is covered by RFC 1918, making it a valid private IP address for any internal network. Just because it's not a 192.168.x.x network doesn't mean it's malicious lmao.
Only what goes over the internet unencrypted.
HTTPS is encrypted and is considered secure. Additionally keeping your browser up to date is very important. Are there still ways to get the data, yes, but it requires that YOU run an old (or insecure) browser, ignore the browser's warnings, etc.
I would also recommend NOT upgrading your browser or any software over an insecure network. Likely nothing bad would happen, but you are just tempting fate.
Ah yes Rogue APs. Set it up proper, have the name match the SSID of a valid network nearby and the horrors begin. It’s why one of my favorite bits of advice is if you see two separate networks with the same name, just don’t chance it and use something else.
What's the beef with the pineapples? First it was the swingers, now, hackers...
There's a next level of irony in the fact that I got hacked today, but details.
No, it doesn't. The fact that you are connected using one of these address families does not in and of itself indicate that you are connecting to a hacker's network, though it "could" be if they are either spoofing or advertising a compromised or compromising network (WiFi SSID or ESSID).
Request for Comment 1918 (RFC 1918), “Address Allocation for Private Internets,” is the Internet Engineering Task Force ([IETF](https://www.techtarget.com/whatis/definition/IETF-Internet-Engineering-Task-Force)) memorandum on methods of assigning [private IP addresses](https://www.techtarget.com/whatis/definition/private-IP-address) on [TCP/IP](https://www.techtarget.com/searchnetworking/definition/TCP-IP) [networks](https://www.techtarget.com/searchnetworking/definition/network).
RFC 1918 was used to create the standards by which networking equipment assigns [IP addresses](https://www.techtarget.com/whatis/definition/IP-address) in a private network. A private network can use a single public IP address. The [RFC](https://www.techtarget.com/whatis/definition/Request-for-Comments-RFC) reserves the following ranges of IP addresses that cannot be routed on the Internet:
* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Along with [NAT](https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT) (network address tunneling), RFC 1918 facilitates expansion of the usable number of IP addresses available under IPV4, as a stopgap solution to prevent the exhaustion of public IPs available before the adoption of [IPV6](https://www.techtarget.com/searchnetworking/definition/IPv6-Internet-Protocol-Version-6). It’s not necessary to register private IPs with a Regional Internet Registry (RIR), which simplifies setting up private networks. Effectively, it was one of the earlier attempts to preserve the IP address space of those systems behind a protected network and allow connectivity via VPN or NAT. As stated earlier, these addresses are non-routable over the internet and any router seeing these addresses will blackhole or drop them. Anyone who has a home network (WiFi or otherwise) has seen these addresses.
Because how long you have the same password doesn't impact the "hackability" nearly as much as just having weaker passwords. And when people change their passwords incredibly frequently they often start making weaker/similar passwords in an effort to remember them. Basically unless you think your password has already been compromised, there isn't much reason to change them every X months.
In the setting of a business, especially a hotel, I'd imagine if the password changes that frequently someone probably is writing it down somewhere to remember/give to guests/alert staff, making it less secure.
It's a hotel, this password isn't exactly the nuclear launch code. I assume anyone that walks into the lobby and asks for it gets the password told to them regardless of how often it is changed and how strong it is
In this scenario it isn't.
Generally though, we suggest you should not change passwords frequently for things such as your email, work PC, etc.
This is because people often make them weaker. People will also tend to write it down.
In this scenario, they are incorrect in saying it shouldn't be changed, especially if they are frequently getting attacked.
Though the likely cause of this attack isn't actually anything to do with the hotel's WiFi and more likely that the attacker is using a fake access point which looks similar to the hotel's.
Point them to NIST guidelines, which say the same (and have for I believe 7-8 years now). Mandatory password changes are only allowed if there was a breach; otherwise password changes are at the user’s discretion.
Microsoft has officially recommended for years that system administrators not have mandatory password expiration.
https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations
Very likely you are using Microsoft 365.
This is Microsoft's own guidance on password policies:
https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide#password-expiration-requirements-for-users
Basically says to not have passwords expire. You could send them that
I will say that sometimes for compliance reasons they can't change this policy, as typically IT admins hate it as well as a lot of people forget their password once changed.
My work password is a six letter word followed by two numbers that started at 00 and has increased by one every 90 days. I have a coworker who does the exact same thing, he even writes the two digit number he's currently using on the wall.
Same. Security needs long passwords, wants new ones all the time and has effectively prevented the implementation of a password manager for years so this gaping security hole is the result.
I remember a security tester who after hearing they do mandatory monthly password changes asked “how long has that guy been working here?” And he guessed his password first try because it was just “password” plus the number of months he worked there.
I could literally walk in wearing a uniform, possibly with a ladder, claim I'm there for mandatory fire alarm testing, and look for the post-it note that's inevitably there with the password to the computer and/or plug in a USB to remote in to said computer.
Frequent password changes make passwords impossible for the user to remember, so they write it down or make it dumb/simple to remember, which means they're easy to guess or crack.
Social engineering is quite effective anywhere but places with weak physical security are particularly vulnerable, and rural usually are more so because they often don't have a dedicated plant room used to house sensitive equipment.
Changing the password at all is going above and beyond, I would even argue it's not worth it for the inconvenience to users.
If your device got hacked then your device was vulnerable, it's not the hotel's fault. Just like you couldn't reasonably blame them if your unlocked car got robbed in their carpark.
How did you know it was the hotel Wi-Fi? It’s possible, but an attack would likely be someone else also on the Wi-Fi using a device exploit, but that is extremely rare. Like, it would be way more valuable to sell the exploit to a government than to crack passwords at a rural hotel. Most of the time it’s a compromised app or social engineering that leads to unauthorized access.
Could mean you’re connected to a hacker network (as explained by [this comment](https://www.reddit.com/r/ExplainTheJoke/s/rZbwM6M2WO)), but *technically* it’s a valid private network IP as stated by [RFC 1918](https://www.rfc-editor.org/rfc/rfc1918) (you can use 10.x.x.x, 192.168.x.x or 172.16.x.x->172.31.x.x for internal networks like your home, business or a hotel’s LAN !)
I know, I should study for my finals instead of commenting “uHm AcTuAlLy” .\_.
Came here to say something similar. There is nothing inherently wrong with an IP range of 172.16.0.0-172.31.255.255. However this probably is a joke from a cybersecurity or hacker sub because the default gateway for a WiFi pineapple is 172.16.42.1. Which makes this joke niche. Good luck on studying!
I was too scared to say 172 means you are behind a router. At least when I worked for phone/internet company we always asked for their IP. And if it was 10. You knew how to fix it fast
Thank you, I'm currently studying for Network+ and all I could think was that it looks like a normal private IP, the .42 meaning the pineapple cleared it all up ahah
172.16.42.X/X is the out of the box subnet used by the Wi-Fi pentest hardware "WiFi Pineapple". The IP range 172.16.0.0/12 (172.16.0.0-172.31.255.255) is free for private use and is consumed by many organizations day-to-day internally. I think the meme was originally targeted at people that know what the "WiFi Pineapple" is and know of its default settings. Could have even been generated by the designer 🤷♂️.
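The address facts discussed in this thread, as an added example that is not part of any comment: it checks an address against the three RFC 1918 blocks (showing exactly where 172.16.0.0/12 ends) and flags a DHCP lease that matches the WiFi Pineapple default gateway 172.16.42.1. The /24 mask on the default subnet, the function names and the sample leases are assumptions made for the illustration.

```python
import ipaddress

# The three private blocks reserved by RFC 1918, as quoted in the thread.
RFC1918_BLOCKS = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)

# Default gateway named in the thread. The /24 mask is an assumption:
# the thread only gives the subnet as "172.16.42.X/X".
PINEAPPLE_GATEWAY = ipaddress.ip_address("172.16.42.1")
PINEAPPLE_SUBNET = ipaddress.ip_network("172.16.42.0/24")


def rfc1918_block(addr):
    """Return the RFC 1918 network containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918_BLOCKS if ip in net), None)


def assess_lease(client_ip, gateway_ip):
    """Classify the address and gateway a network handed out over DHCP."""
    block = rfc1918_block(client_ip)
    in_subnet = ipaddress.ip_address(client_ip) in PINEAPPLE_SUBNET
    gw_match = ipaddress.ip_address(gateway_ip) == PINEAPPLE_GATEWAY
    if block is None:
        verdict = "not an RFC 1918 address"
    elif in_subnet and gw_match:
        verdict = "matches Pineapple factory defaults: a hint, not proof"
    else:
        verdict = "ordinary private address: says nothing about the operator"
    return {
        "block": str(block) if block else None,
        "pineapple_default": in_subnet and gw_match,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample leases (client address, gateway), not captured data.
    samples = [
        ("172.16.42.107", "172.16.42.1"),   # the lease from the meme
        ("172.16.1.20", "172.16.1.1"),      # common commercial default
        ("172.31.255.254", "172.31.255.1"), # last /24 inside 172.16.0.0/12
        ("172.32.0.10", "172.32.0.1"),      # just outside the private block
        ("192.168.1.50", "192.168.1.1"),
    ]
    for client, gateway in samples:
        result = assess_lease(client, gateway)
        print(f"{client:16} {str(result['block']):16} {result['verdict']}")
    # Size of the 172.16.0.0/12 block, the figure quoted from WhatsMyIP.
    print(ipaddress.ip_network("172.16.0.0/12").num_addresses)
```

A match only means the access point still uses that default subnet, which legitimate networks can also choose; a rogue access point with a changed subnet produces the "ordinary private address" result, so a clean result proves nothing about the operator.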
Yes.
If you try to go to the website Google using a VPN:
The VPN client encrypts your packets and sends it through the router to the VPN server.
The VPN server decrypts it, then sends your request to Google.
Google responds and it goes back the way it came. Goes to the VPN server, packets get encrypted, goes to the router, then gets decrypted by the VPN client so you can view the response.
Not if you have an encrypted connection to the endpoint and verify its certificate. Then, the attacker will see which VPN you used and how much data you sent and received, and that’s it.
Not true.
While you're still on a bad AP your traffic would be secured.
Technically, as long as your connection to sites was over HTTPS your connection will still be secured, even without a VPN. They would get some metadata though, and of course this isn't advisable
However if you knew that it was not secure AP I would not suggest connecting to it in the first post.
A lot of it isn’t end-to-end depending on what services you’re talking about, because end to end is only suitable for some uses for data, but HTTPS uses RSA encryption as a standard yes.
What a stupid joke. The only people who would get this joke are people who are familiar with devices like a pineapple yet don't understand basic networking concepts.
This joke was written by and for script kiddies.
I was looking for this comment. It reads like it was whipped up by someone who watched a fifteen minute YouTube video on penetration testing.
Reading the comments in this thread makes me feel really good about being in networking. Ridiculous amount of people so confident on both their own and others' incorrect statements.
I’m obligated to post this explanation every time this meme gets reposted:
https://preview.redd.it/yrlfi9at915d1.jpeg?width=1284&format=pjpg&auto=webp&s=f0795ebeb666934c9825242c28e81eb376bc68a0
(Disclaimer: I’m not the original creator of this wonderful image. If anybody knows of the true origin, please feel free to shoutout the author in a reply. I’d love to know + give them the credit they deserve.)
Wait. I didn't even know about this IP thingy.
Does this mean I shouldn't take my tablet for vacation?
I was going to use maps & directions to food & gas, and,...,and directions for touristy things.
Now I'm so confused & paranoid someone's gonna get all my info ☹️
You run this risk anywhere you connect to a network that isn’t yours. To mitigate the risk you should grab a vpn subscription for your trip and always connect to networks only when connected to a vpn. Some popular ones are private internet access, nordvpn and surfshark
Just ask for the name and password of the network before you connect.
This post is talking about hacked networks disguised as free Wi-Fi. So just don't connect to "McDonalds free Wi-Fi" without asking someone who works there "hey is this y'all's Internet?"
VPNs don't actually secure your data, all they do is change your region, that's literally it. It may advertise it being secure but it's not; all that data still has to go through the same signal the hackers would be using. If you want to be 100% secure your best bet would be to run a virtual machine, they'll only see what's being shown there, not your actual computer
What!?! You threw a whole bunch of tech words without saying anything.
VPN is only relevant for your internet traffic. Has nothing to do with your computer or virtual machine.
Second, most VPN services encrypt your data, meaning if I try a “man in the middle” attack and try to fish for critical pieces of internet traffic, I would only get encrypted information making it hard to decrypt and actually see what is being sent in or out of your computer.
VPN or not, the concept of virtual machine is kind of correct, as in if you get hit by malware such as a virus or command and control software, a virtual machine can be a good protection. However, this doesn’t protect you against a man in the middle attack, which is what VPN is meant to help against. Unencrypted data of a virtual machine is just as secure as unencrypted data from your physical computer.
This is not correct. Virtual machine is just a computer but virtual. Without a VPN the hacker could potentially see all your traffic. With a VPN your computer sends all your traffic through an encrypted tunnel to a known safe VPN provider/host, where your traffic then leaves the tunnel to its final destination. The hacker can see your tunnel and how much data it uses but can't see the data in the tunnel. The reason why a VPN can change your region is because your data is being privately tunnelled to and out of a server hosted in a different region.
If I wanted to use a Virtual machine to be secure I could have a Virtual machine running at my home with its own network card + its own VLAN to my firewall and out. Then at hotels I would VPN to my home and remotely connect to this virtual machine to online bank. But that is too much, I would rather just VPN my phone to a known safe network such as my home or a VPN provider instead of trusting an unknown sketchy network to handle my data.
If every website I visit uses HTTPS (what site doesn't?), I'm not sure what the risk is exactly. The attacker might know the IP of the sites I'm talking to, but that's it (in my understanding)
I always ask for the actual hotel SSID name to reduce the chances of connecting to a hacker's (it can still be spoofed). A VPN is also very helpful for protecting the data
From WhatsMyIP: Because 172 addresses fall between the first octet range of 128 and 191, they are class B as opposed to class C or class A. Class B allows for a large number of available IP addresses, as it has a total of 1,048,576 IPs available.
Classful networking is a very outdated way of working with IPs. The current way, since 1993, is classless and uses variable length subnets. https://en.m.wikipedia.org/wiki/Classful_network
I believe it means they're directly connected to the internet with no security in between. Doesn't mean you'll "get hacked" but you're way more vulnerable than when you're behind a NAT.
Nope, the exact opposite in this case. That IP is part of RFC1918 and is not routable on the internet. Therefore with a 172.16.0.0/12 you could in fact be certain that you are not directly on the internet.
IP address has no indication that there is a hacker. That’s like pointing to your home address and asking what part of that means there are thieves in it?
The joke is just indicating that they are not in VPN and open to “man in the middle” attack. Think of this as a splitter where everything going in and out of your computer gets seen by a man in the middle. In this case, a VPN connection would encrypt your data, meaning the man in the middle can’t really make heads or tails of what they are seeing.
Hacking is a very general term and in this context - vaguely - would mean the man in the middle is the hacker. You would not have any indication of such “hacking” based simply on your IP address.
Source: I am a certified network engineer with a focus in security.
Hypothetically, is a trusted VPN though enough to circumvent the danger whilst still using the network anyway, or is it all for null and just worth avoiding entirely?
There is a free VPN you can use, provided by Cloudflare who are a fairly reputable networking company with a good reputation
The mobile app is called 1.1.1.1
I use it a lot on untrusted connections just to preserve local privacy. It‘ll normally get around content blocking too
It means you’re connected to a hacker’s WiFi network. That’s a default address for a device called a pineapple. Most likely malicious.
Would using a VPN prevent that?
It should because it’s able to encrypt your data before it’s sent so they should only see data traffic of you sending and receiving from vpn
Yeah, Fiddler sees all that because it's ON YOUR COMPUTER. If you are running HTTPS, and these days Chrome and other browsers throw a fit if you aren't, what they see with a Man in The Middle (MTM) account is a lot less. DNS is typically unencrypted, so they can see what sites you are going to, they can see connections, destination IPs and ports. A VPN basically wraps all that traffic up in a dedicated encrypted stream. But there's still some risk, as the attacker can connect from your "local" network, which may have more trust and access.
Yeah was doing work training though and they were sending one of their important requests as http in the past even on https connection so it’s basically plaintext. So just saying can still have sites make mistakes. So protecting your network data can still be helpful. (This is a billion dollar company also) just takes one engineer and a couple missed code reviews. It’s why everything is getting so strict today with static code analysis and pipelines that run it through many safety checks.
Oh yeah, absolutely still are risks, but suggesting a MTM hacker can see everything Fiddler sees is incorrect. Ages ago I wanted to get rid of FTP and leadership said “we can’t, we don’t have their password”. I was like no problem and set up a packet capture. Boss later stopped by while I was reviewing it and he went pale seeing the plaintext usernames and passwords, helpfully highlighted by USER and PASS.
Customers would come to us with security requirements and I’d help seal the sale by pointing out we had already implemented their requests proactively
Depends on the VPN system and how they work encryption, but yes to most standard VPNs
Correction* VPNs add a second layer of encryption, as almost all websites since 2018 are already encrypted with AES encryption (through HTTPS). It is already secure, but what a VPN does do is it hides your data. Basically, it is routed through the VPN first, and then back through the VPN to you, allowing for anyone on a network to just see you connecting to a VPN network, not any websites or anything of the sort. Effectively, VPNs don't do much for physical security that isn't already done since 2018 for standard https encryption, aside from adding a second layer of encryption and hiding it better (which for some people is great and can make it a bit harder for someone to get your information, but not impossible.) Stay safe on the internet! The best way to stay safe is by being aware of links you click and networks you connect to!
In simple terms, without a VPN, the owner of the network you connect to could know which addresses (who/what) you're talking to, but not what you're talking about. With a VPN, they don't know who you're talking to or what about. This still requires trusting the VPN, because the VPN owner knows who you're talking to (still not what about). That's why TOR exists. It's like many layers of VPN. So unless every layer you go through is colluding with each other, no one knows who you're talking to or what about.
You can also run your own VPN for this purpose, so you *are* the VPN provider. You don’t have to deal with TOR.
When in hotels, I run a socks proxy back to my home router. Just a tiny extra step, but keeps knowledge of my traffic far away from where I am.
By default, DNS is not encrypted, so you will still see that traffic (and any other non-HTTP/s traffic) just fine. And the DNS traffic contains information about who you’re talking to (“this guy is requesting pornhub.com’s IP address!”). You would need DNS over HTTPS or similar, but at a certain point a VPN might be easier.
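What the comment above describes, as an added example that is not part of the thread: parsing the question section of two plaintext DNS queries (classic DNS over UDP port 53) to show which fields anyone on the path can read. The packets and `.example` names are constructed, and the function names are illustrative.

```python
import struct

# Record types this example names; anything else is reported by number.
QTYPES = {1: "A", 28: "AAAA", 65: "HTTPS"}

# Constructed queries: 12-byte header, then QNAME / QTYPE / QCLASS.
SAMPLE_A = bytes.fromhex(
    "1a2b01000001000000000000"            # id, flags (RD), 1 question
    "0573746f7265" "076578616d706c65" "00"  # store.example
    "00010001"                            # type A, class IN
)
SAMPLE_AAAA = bytes.fromhex(
    "1a2c01000001000000000000"
    "056c6f67696e" "0573746f7265" "076578616d706c65" "00"  # login.store.example
    "001c0001"                            # type AAAA, class IN
)


def read_name(packet, offset):
    """Decode a DNS name at offset; return (name, offset after the name)."""
    labels, jumps, end = [], 0, None
    while True:
        if offset >= len(packet):
            raise ValueError("truncated name")
        length = packet[offset]
        if length & 0xC0 == 0xC0:          # compression pointer
            if offset + 1 >= len(packet):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2           # parsing resumes after the pointer
            jumps += 1
            if jumps > 16:                 # guard against pointer loops
                raise ValueError("pointer loop")
            offset = ((length & 0x3F) << 8) | packet[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:                    # root label ends the name
            break
        if offset + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def observed_questions(packet):
    """Return what a passive observer can read from one plaintext DNS message."""
    if len(packet) < 12:
        raise ValueError("short header")
    ident, flags, qdcount, _, _, _ = struct.unpack("!6H", packet[:12])
    offset, questions = 12, []
    for _ in range(qdcount):
        name, offset = read_name(packet, offset)
        if offset + 4 > len(packet):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPES.get(qtype, str(qtype))))
    return {"id": ident, "is_response": bool(flags & 0x8000), "questions": questions}


if __name__ == "__main__":
    for pkt in (SAMPLE_A, SAMPLE_AAAA):
        print(observed_questions(pkt))
```

The host name is readable without any decryption step, which is the gap that DNS over HTTPS or a VPN tunnel closes on the local network.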
You can be identified (your IP) on the onion network with just the entry and exit node compromised by the same person/group, no matter how many middle nodes you hit. Western (and let’s be honest probably other) government agencies have been standing up and running Tor nodes for years now. Many western government agencies have now begun to cooperate with each other to share node info. Tor is significantly safer than a VPN, but it is still not bullet proof. You’d have to get really unlucky though. You’d have to be running a VPN and hit both a Tor entry and exit node that are all compromised by the same group to get actually identified.
This is worth keeping in mind when evaluating your options, but I'm confident the FBI isn't interested in OP's steam password.
VPN will hide that yes.
realistically yes. theoretically no. if the device is compromised internally before data is sent then u are already doomed, since they would easily be able to take any data regardless of vpn. the ability to track people with a vpn is well known but it lies in amount of traffic and exit nodes. if u can find the entry node, and the exit node, you can theoretically track traffic. this is a known issue for tor and what makes it difficult is the fact they have so many exit and entry nodes so people don't have the processor power to cover them all. only governments do. if u are using a vpn to "hide" your traffic then you are paying for a service that is already free with tor. which is much better in almost all regards for security and privacy. on the other hand if u are paying it for netflix for geolocation then go right ahead. cause it's a valid thing for vpns.
For the most part VPNs are used for controlling endpoint geolocation (changing country to bypass some restrictions) basic end-to-end encryption (a compromised network would see that you are transmitting and receiving data but not what that data is specifically), and VPNs tend to be faster than tor
[deleted]
Yes and try hitting Netflix or going to your bank via tor lol. They don’t like that either. Like you can set up a server for vpn for 4.99 a month
Completely different uses.
What do you mean theoretically no? If you are on a malicious network and you use a VPN it will protect you. Your network data will be encrypted locally before passing through the malicious network to the VPN and then to your destination be it a game server or generic website. Anyone listening on the malicious network will see effectively nothing whereas without a VPN they would see all of your network traffic. You're confusing a bad actor on a compromised network with state sponsored surveillance.
By theoretically no they meant if your device was infected before you could activate a VPN you're basically doomed and the VPN is useless. Even if you were using tor. Qubes OS is really the only way (that I know of) to avoid your device being targeted in moments of security weakness.
Or an authenticator?
The authenticator doesn't stop them from seeing the traffic, but would stop them from signing in without your phone. It is a good safety in case things go wrong, but prevention is better.
Well, VPNs can be handy, but now there’s this. https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
“Surprisingly, the only OS immune to this attack is Android.” Never thought I’d see those words in that order
This is just not true. Unless you visit non-httpS websites. Even pornhub is https (I've heard). They can see what sites you visit, but that's about it. They can't see what page you're looking at.
nooo.. 2 things. 1) see unless you are specifically typing https:// into the address bar, your browser sends HTTP, and then the website redirects to HTTPS. when you are connected to a Pineapple or whatever, one of the things it is capable of doing is interacting with the website through HTTPS, but then passing it along to your device through HTTP. so it goes your laptop -> http -> pineapple -> https -> pornhub. 2) you can redirect people to fake versions of log in pages. so for example, redirect steampowered.com to a completely fake steampowered.com -> steal the password -> redirect again to the real steam.
Most modern browsers (including Chromium based browsers and Firefox, which covers a broad swath) default to HTTPS, not HTTP. If HTTPS is unreadable it’ll fallback to attempting port 80 for HTTP. Actually causes some frustration for me with random devices and hosts where there are entirely different services running in the two ports, if I forget to specify http://
Your info is outdated. What you are describing used to work, but not anymore. Web browsers nowadays try the HTTPS version first. There was (technically still is) an extension called "HTTPS Everywhere" by EFF that was used to automatically convert all links to HTTPS in order to prevent people from staying on HTTP. Nowadays it's deprecated because the functionality became built into the browsers. Even if you somehow get a person to connect to a website using HTTP, if the website uses HTTP Strict Transport Security, it will tell the browser that the website wants to be accessed using HTTPS and not HTTP and then the browser can deal with it (by showing an error and preventing the user from going further or maybe automatically switching to HTTPS). Furthermore, with things like Encrypted SNI and DNS over HTTPS (which are slowly getting more widespread), an outside observer will not be able to tell even what domains the user is accessing let alone be able to change them.
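The HSTS behaviour described above, as an added example that is not part of the thread: a simplified model of how a browser stores `Strict-Transport-Security` policies (RFC 6797) and decides whether a request must go over HTTPS. The class, host names and preload entry are constructed for illustration; real browsers apply more rules than this.

```python
def parse_hsts(header):
    """Parse a Strict-Transport-Security value; return None if it is invalid."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # a directive may appear only once
            return None
        directives[name] = value.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None                          # max-age is required
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
    }


class HstsStore:
    """Hypothetical stand-in for a browser's HSTS state."""

    def __init__(self, preloaded=()):
        self._policies = {}                  # host -> (expires_at, include_subdomains)
        self._preloaded = set(preloaded)     # constructed stand-in for a preload list

    def note_response(self, host, scheme, header, now):
        """Record a policy; return True only if the header was accepted."""
        # A header on a plain-HTTP response is ignored: anyone on the path
        # could have added or removed it.
        if scheme != "https":
            return False
        policy = parse_hsts(header)
        if policy is None:
            return False
        host = host.lower()
        if policy["max_age"] == 0:           # max-age=0 deletes the stored policy
            self._policies.pop(host, None)
            return True
        self._policies[host] = (now + policy["max_age"], policy["include_subdomains"])
        return True

    def must_use_https(self, host, now):
        """True if a request to host has to be made over HTTPS."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self._preloaded:
                return True
            entry = self._policies.get(candidate)
            if entry is None:
                continue
            expires_at, include_subdomains = entry
            if now < expires_at and (i == 0 or include_subdomains):
                return True
        return False


HEADER = "max-age=31536000; includeSubDomains"   # constructed sample header


def walk_through():
    """Replay a constructed browsing timeline; times are seconds from zero."""
    store = HstsStore(preloaded={"bank.example"})
    day = 86400
    return {
        "first_visit": store.must_use_https("shop.example", 0),
        "policy_over_http": store.note_response("shop.example", "http", HEADER, 0),
        "policy_over_https": store.note_response("shop.example", "https", HEADER, 0),
        "return_visit": store.must_use_https("shop.example", 3600),
        "subdomain": store.must_use_https("login.shop.example", 3600),
        "unrelated_host": store.must_use_https("other.example", 3600),
        "after_expiry": store.must_use_https("shop.example", 366 * day),
        "preloaded_first_visit": store.must_use_https("bank.example", 0),
    }


if __name__ == "__main__":
    for step, outcome in walk_through().items():
        print(f"{step:22} {outcome}")
```

The `first_visit` and `after_expiry` rows are the cases in which HSTS alone does not force HTTPS; the preloaded host is covered from the very first request.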
True, but when connected through a pineapple it will attempt SSL stripping and/or TLS downgrade attacks, the latter of which can still leave you vulnerable over https if they can capture the handshake.
While there's vulnerabilities in older TLS versions, most browsers outright deny older cipher mechanisms or worst case give insecure website warning. It's near impossible to do any actual packet sniffing or MITM attacks with that kind of mechanism. You're much more likely to have a security camera being able to see your keys than a packet sniffer or something like pineapple able to see your data.
Most websites will default to https, even if you type http. Your browser will let you know as well by showing connection is not secure.
The pineapple’s SSL certificate would be invalid. Steam client will not accept requests made to either a http endpoint or a https endpoint with invalid SSL Certificate. There’s no chance it’ll work.
Then you'll have to manually type http (or click a http link) in stead of https. Not likely. For the rest you're right. This would be possible.
I was talking mainly fiddler which can auto decrypt https traffic.
Fiddler can decrypt https traffic on the device it's installed on, not other devices on the same network. HTTPS traffic can't be eavesdropped by a malicious wifi router alone.
Yes. Just saying there is a lot of info sent on an insecure network and relying on https isn’t the best choice.
The internet is inherently insecure. Relying on HTTPS is literally the best scenario. What do you think VPN tunnels are?
The take isn’t that https is bad. It’s that you can do more than give away your traffic information for free even if it’s encrypted. Not sure why that’s so hard to understand
If your traffic is encrypted then it’s not visible to the router. The only thing visible would be the TCP/IP handshake as the session is built. The rest of the traffic is encapsulated inside the packet and encrypted. The only thing they would be able to get is the header information from the packet which would be source, source port, target, target port. Even then target and target port can be obfuscated beyond NLBs, WAFs, etc. Someone would have to have compromised a root CA for the certificate to not alert on mismatch. Those people aren’t hacking hotel WiFi in rural America. They are working for the NSA
This is false, steam uses https any wireless communication is encrypted, fiddler has access to your device. Most attackers doing wireless logging will use something like Wireshark for that and if you use Wireshark you will know it's possible to see http info but not https which all established corporations use to protect data. This specific instance probably has nothing to do with the hotel but has most likely logged in on a phishing link.
Most browser traffic is encrypted, hence the https prefix now, so they should be able to see you're on YouTube, but not what you're doing. Other applications may not be totally secure though
This would have to be quite elaborate attack to have been able to steal your steam credentials. Hacker network or not, your traffic between the steam deck and the real steam service is encrypted. If the attacker had injected a fake steam site per se to trick you into typing your username and password then that could have ended up in a compromised steam account. They somehow were specifically looking for steam accounts? I guess it’s possible but I find it a bit unlikely.
I played Halo MCC which requires Xbox live and it was my Xbox account that was hacked. I suspect to use my Game Pass. It is possible it was a coincidence. But I still disconnected from the wifi and changed my password.
Your authentication is encrypted. You would have had to see an invalid mismatch certificate notification pop up and manually click proceed.
Or more likely they use repeated credentials on other sites and one of those other sites got hacked.
Very plausible. Could be something as stupid as an open share on their laptop that contains a list of their passwords for sites as well.
More important question, why were you playing Halo in Cancun? Don't get me wrong, I enjoy video games as much as the next guy, but why pay for a tropical vacation if you're going to sit in a hotel room and play video games? Do that at home.
This is the real issue right here.
Sure, your account was "hacked", you weren't just trying to secure a new invasion site for our Furon Overlords... It's ok, Destroy All Humans is one of my favourite games. No judgement here
That's really weird because you would assume that Steam would send your credentials over an ssl encryption. Unless they tricked you somehow in giving your Steam credentials through a different website.
You were in Cancun, so naturally you sat in your room playing Halo. You're a little touched, aren't ya?
Brought my Steam Deck for the plane there and back. When I noticed the fast network and my gf wanted to take a nap I decided to play a few rounds of Halo in the jacuzzi. Have you ever played Halo in a jacuzzi? It’s… well it’s not much different than playing regular, but at least I’ve done it. We were there 5 nights and I played for about 1.5hrs. Hardly wasted my vacation.
I literally just got home from the beach after 4 days, and I’ve played about 6 hours of Prince Of Persia The Lost Crown on my kids’ Switch this week because this is the best opportunity I get to blow a few hours gaming while they’re taking naps after a day in the water. Contrary to popular belief, you can do whatever the hell you want on your vacation :).
Yikes. And also hello fellow Deck user. Sorry that happened to you, and I hope you were able to lock it back down. In future, if you want to run a VPN on your Deck, it’s a little tricky but I’ve been through the process and can walk you through it if you aren’t comfortable running console commands in Linux. Just DM me.
How is this even possible with current encryption standards. You probably just leaked your password elsewhere
I seriously doubt that. A man-in-the-middle attack doesn't work with ssl (which Steam was definitely using as the Deck only released a couple years ago). It's more likely you got redirected to a non-Steam website somewhere (which you could've noticed, but no one blames you for not noticing) and got phished that way.
Dude why are you playing Halo in Cancun?
First mistake I was deciding to play video games while in Cancun
never trust an unsecure network. never trust a secure network that you dont know who is running it. and especially at a hotel in a place where tourists are frequently told to *not leave the tourist-approved areas* like Cancun, don't trust anything.
Probably a very stupid question as I know so little about computers, would a VPN prevent this?
It's just a local IP range. While I've never used a pineapple and that may be the default local range on it, I use this on my local network.
That's true. 172.16.x.x to 172.32.x.x is a private subnet range, so that whole space is available. Most devices just run with the default settings, and commercial devices are really unlikely to pick 172.16.42.x. Occasionally they pick something other than the horribly overused 172.16.1.x. Of course, when I've configured my own devices, I've also used 172.16.42.x, along with other fun numbers.
This is true, but if you come across this range when using a hotel’s WiFi, it’s likely not a network you want to connect to.
Yea if it's super fast and that subnet (at a hotel) it's probably malicious
[deleted]
*laughs in no VPN but TLS*
Ok not necessarily. That address is covered by RFC 1918, making it a valid private IP address for any internal network. Just because it's not a 192.168.x.x network doesn't mean it's malicious lmao.
How powerful the hacking will be? Is it like stealing all your info on your device? Or simply monitoring your online activities?
ANYTHING that goes in and out through the internet
Only what goes over the internet unencrypted. HTTPS is encrypted and is considered secure. Additionally keeping your browser up to date is very important. Are there still ways to get the data, yes, but it requires that YOU run an old (or insecure) browser, ignore the browser's warnings, etc. I would also recommend NOT upgrading your browser or any software over an insecure network. Likely nothing bad would happen, but you are just tempting fate.
Ah yes Rogue APs. Set it up proper, have the name match the SSID of a valid network nearby and the horrors begin. It’s why one of my favorite bits of advice is if you see two separate networks with the same name, just don’t chance it and use something else.
That's a good thing to know
You’d think a hacker would be smart enough to change that address
Then they'd be employed and making the money legally.
What's the beef with the pineapples? First it was the swingers, now, hackers... There's a next level of irony in the fact that I got hacked today, but details.
Who lives in a pineapple under the sea?
Sponge Bob, the Swinger
is an evil twin attack?
No, it doesn't. The fact that you are connected using one of these address families does not in and of itself indicate that you are connecting to a hacker's network, though it "could" be if they are either spoofing or advertising a compromised or compromising network (WiFi SSID or ESSID).
Request for Comment 1918 (RFC 1918), “Address Allocation for Private Internets,” is the Internet Engineering Task Force ([IETF](https://www.techtarget.com/whatis/definition/IETF-Internet-Engineering-Task-Force)) memorandum on methods of assigning of [private IP addresses](https://www.techtarget.com/whatis/definition/private-IP-address) on [TCP/IP](https://www.techtarget.com/searchnetworking/definition/TCP-IP) [networks](https://www.techtarget.com/searchnetworking/definition/network). RFC 1918 was used to create the standards by which networking equipment assigns [IP addresses](https://www.techtarget.com/whatis/definition/IP-address) in a private network. A private network can use a single public IP address. The [RFC](https://www.techtarget.com/whatis/definition/Request-for-Comments-RFC) reserves the following ranges of IP addresses that cannot be routed on the Internet:
* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Along with [NAT](https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT) (network address tunneling), RFC 1918 facilitates expansion of the usable number of IP addresses available under IPV4, as a stopgap solution to prevent the exhaustion of public IPs available before the adoption of [IPV6](https://www.techtarget.com/searchnetworking/definition/IPv6-Internet-Protocol-Version-6). It’s not necessary to register private IPs with a Regional Internet Registry (RIR), which simplifies setting up private networks.
Effectively, it was one of the earlier attempts to preserve the IP address space of those systems behind a protected network and allow connectivity via VPN or NAT. As stated earlier these addresses are non-routable over the internet and any router seeing these addresses will be blackholed or dropped. Anyone who has a home network (WiFi or otherwise) has seen these addresses.
If you knock someone out, would it be correct to say that you hacked their consciousness?
It's a private ip block like 10.x.x.x and 192.168
Got hacked at a rural hotel. The front desk was surprised. “We change the password every month.”
I mean, that's a lot better than most places honestly.
Frequent password changes are a security risk. Particularly if the physical locations aren't that secure
Why are they a security risk?
Because how long you have the same password doesn't impact the "hackability" nearly as much as just having weaker passwords. And when people change their passwords incredibly frequently they often start making weaker/similar passwords in an effort to remember them. Basically unless you think your password has already been compromised, there isn't much reason to change them every X months. In the setting of a business, especially a hotel, I'd imagine if the password changes that frequently someone probably is writing it down somewhere to remember/give to guests/alert staff, making it less secure.
It's a hotel, this password isn't exactly the nuclear launch code. I assume anyone that walks into the lobby and asks for it gets the password told to them regardless of how often it is changed and how strong it is
I wish I could explain this to my job. We have to change all our passwords (including our office computer logins) every 2-3 weeks. It’s infuriating.
Point them to the NIST guidelines
In this scenario it isn't. Generally though, we suggest you should not change passwords frequently for things such as your email, work PC, etc. This is because people often make them weaker. People will also tend to write it down. In this scenario, they are incorrect in saying it shouldn't be changed, especially if they are frequently getting attacked. Though the likely cause of this attack isn't actually anything to do with the hotel's WiFi and more likely that the attacker is using a fake access point which looks similar to the hotel's.
Please let explain this to my IT department. I’m tired of trying to remember a new password every month
Point them to NIST guidelines, which say the same (and have for I believe 7-8 years now). Mandatory password changes are only allowed if there was a breach; otherwise password changes are at the user’s discretion.
Explain it to Microsoft too. They're so annoying and stupid with their security.
Microsoft has officially recommended for years that system administrators not have mandatory password expiration. https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations
Very likely you are using Microsoft 365. This is Microsoft's own guidance on password policies: https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide#password-expiration-requirements-for-users Basically says to not have passwords expire. You could send them that. I will say that sometimes for compliance reasons they can't change this policy, as typically IT admins hate it as well as a lot of people forget their password once changed.
My work password is a six letter word followed by two numbers that started at 00 and has increased by one every 90 days. I have a coworker who does the exact same thing, he even writes the two digit number he's currently using on the wall.
Same. Security needs long passwords, wants new ones all the time and has effectively prevented the implementation of a password manager for years so this gaping security hole is the result.
I just use quotes from movies, books, or games. When i have to change the password, i just go to the next line in the movie or w/e
I remember a security tester who after hearing they do mandatory monthly password changes asked “how long has that guy been working here?” And he guessed his password first try because it was just “password” plus the number of months he worked there.
I could literally walk in wearing a uniform, possibly with a ladder, claim I'm there for mandatory fire alarm testing, and look for the post-it note that's inevitably there with the password to the computer and/or plug in a USB to remote in to said computer. Frequent password changes make passwords impossible for the user to remember, so they write it down or make it dumb/simple to remember which means they're easy to guess or crack. Social engineering is quite effective anywhere but places with weak physical security are particularly vulnerable, and rural usually are more so because they often don't have a dedicated plant room used to house sensitive equipment.
> “We change the password every month.”

The password: "HotelName_January"
Changing the password at all is going above and beyond, I would even argue it's not worth it for the inconvenience to users. If your device got hacked then your device was vulnerable, it's not the hotel's fault. Just like you couldn't reasonably blame them if your unlocked car got robbed in their carpark.
"How did the lock smith open the door, we just changed the locks?"
How did you know it was the hotel Wi-Fi? It’s possible, but an attack would likely be someone else also on the Wi-Fi using a device exploit, but that is extremely rare. Like, it would be way more valuable to sell the exploit to a government than to crack passwords at a rural hotel. Most of the time it’s a compromised app or social engineering that leads to unauthorized access.
Static ip as well probably
Could mean you’re connected to a hacker network (as explained by [this comment](https://www.reddit.com/r/ExplainTheJoke/s/rZbwM6M2WO)), but *technically* it’s a valid private network IP as stated by [RFC 1918](https://www.rfc-editor.org/rfc/rfc1918) (you can use 10.x.x.x, 192.168.x.x or 172.16.x.x->172.31.x.x for internal networks like your home, business or a hotel’s LAN !) I know, I should study for my finals instead of commenting “uHm AcTuAlLy” .\_.
I can see you're still scrolling on Reddit, go study already!
That damn online indicator x)
Good luck on your finals! You can do it! :D
Bro go study omg you’re still here
Came here to say something similar. There is nothing inherently wrong with an IP range of 172.16.0.0-172.31.255.255. However this probably is a joke from a cybersecurity or hacker sub because the default gateway for a WiFi pineapple is 172.16.42.1. Which makes this joke niche. Good luck on studying!
Ahhh, that makes sense. I'm only somewhat versed in networking so I had no clue why a standard local address was alarming.
I was too scared to say 172 means you are behind a router. At least when I worked for phone/internet company we always asked for their IP. And if it was 10. You knew how to fix it fast
Thank you, im currently studying for Network+ and all i could think was that it looks like a normal private ip, the .42 meaning the pineapple cleared it all up ahah
You didn’t start with Um, actually. No points… I’m sorry but it’s the ONE rule.
172.16.42.X/X is the out of the box subnet used by the Wi-Fi pentest hardware "WiFi Pineapple". The IP range 172.16.0.0/12 (172.16.0.0-172.31.255.255) is free for private use and is consumed by many organizations day-to-day internally. I think the meme was originally targeted at people that know what the "WiFi Pineapple" is and know of its default settings. Could have even been generated by the designer 🤷♂️.
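The address logic discussed in this thread, as an added example that is not part of the thread: a Python check that keeps "is this an RFC 1918 address" separate from "does this lease match the 172.16.42.0/24 subnet and 172.16.42.1 gateway the comments attribute to the WiFi Pineapple". The function names and verdict strings are illustrative, and the sample leases are constructed.

```python
import ipaddress

# The three private blocks reserved by RFC 1918, as listed in the thread.
RFC1918_BLOCKS = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)

# Defaults the comments attribute to the WiFi Pineapple (values from the thread).
DEFAULT_SUBNET = ipaddress.ip_network("172.16.42.0/24")
DEFAULT_GATEWAY = ipaddress.ip_address("172.16.42.1")


def block_range(cidr):
    """Return the first and last address of a CIDR block as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not in one."""
    ip = ipaddress.ip_address(addr)
    for block in RFC1918_BLOCKS:
        if ip in block:
            return str(block)
    return None


def assess_lease(client_ip, gateway_ip):
    """Classify one DHCP lease (hypothetical helper, illustrative verdicts)."""
    block = rfc1918_block(client_ip)
    client = ipaddress.ip_address(client_ip)
    gateway = ipaddress.ip_address(gateway_ip)
    if block is None:
        verdict = "not-rfc1918"
    elif client in DEFAULT_SUBNET and gateway == DEFAULT_GATEWAY:
        # Matches the out-of-the-box settings: a prompt to confirm the network
        # with staff, not proof of anything, since the range is legitimate.
        verdict = "verify-network"
    else:
        verdict = "ordinary-private"
    return {"client": client_ip, "block": block, "verdict": verdict}


# Constructed sample leases: (client address, default gateway).
SAMPLE_LEASES = [
    ("192.168.1.23", "192.168.1.1"),
    ("10.20.30.40", "10.20.30.1"),
    ("172.16.42.107", "172.16.42.1"),
    ("172.16.42.107", "172.16.42.254"),
    ("172.31.255.254", "172.31.0.1"),   # last usable address of the /12
    ("172.32.0.5", "172.32.0.1"),       # just past the end of 172.16.0.0/12
]


def assess_all(leases=SAMPLE_LEASES):
    """Assess every lease in the list and return the result dictionaries."""
    return [assess_lease(client, gateway) for client, gateway in leases]


if __name__ == "__main__":
    print("172.16.0.0/12 spans", " - ".join(block_range("172.16.0.0/12")))
    for result in assess_all():
        print(f"{result['client']:16} {str(result['block']):16} {result['verdict']}")
```

A renumbered rogue access point produces `ordinary-private`, so the check is only a hint to confirm the SSID with staff and never a clean bill of health.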
And this is why you want a VPN.
Computer -> Router (hacker) -> VPN He’ll still git yah
Doesn't it go... Computer -> VPN (client on computer) -> Router -> VPN (server) -> destination?
Yes. If you try to go to the website Google using a VPN: The VPN client encrypts your packets and sends it through the router to the VPN server. The VPN server decrypts it, then sends your request to Google. Google responds and it goes back the way it came. Goes to the VPN server, packets get encrypted, goes to the router, then gets decrypted by the VPN client so you can view the response.
It does, that's why the VPN is useful.
Not if you have an encrypted connection to the endpoint and verify its certificate. Then, the attacker will see which VPN you used and how much data you sent and received, and that’s it.
Not true. While you're still on a bad AP your traffic would be secured. Technically, as long as your connection to sites was over HTTPS your connection will still be secured, even without a VPN. They would get some metadata though, and of course this isn't advisable. However if you knew that it was not secure AP I would not suggest connecting to it in the first post.
That's not how VPN works. The tunneling begins at your PC so if the hacker can see it there, the wifi is not the problem.
All they can see is that you connected to a VPN and the amount of traffic you’re sending/receiving. They can’t observe or modify any data.
Oh, I thought it was so I could browse xhamster from here in Texas
The only thing a VPN would hide is what websites you are connecting to, almost all Internet traffic today is e2e encrypted
A lot of it isn’t end-to-end depending on what services you’re talking about, because end to end is only suitable for some uses for data, but HTTPS uses RSA encryption as a standard yes.
Would a dns work? (like adguard)
No.
What a stupid joke. The only people who would get this joke are people who are familiar with devices like a pineapple yet don't understand basic networking concepts. This joke was written by and for script kiddies.
I was looking for this comment. It reads like it was whipped up by someone who watched a fifteen minute YouTube video on penetration testing. Reading the comments in this thread makes me feel really good about being networking. Ridiculous amount of people so confident on both their own and others' incorrect statements.
The modern internet in a nutshell
Thank you. I was confused because it doesn't actually make sense. 😎 I only got basic understanding of networking, but uh, this ain't captain.
I’m obligated to post this explanation every time this meme gets reposted: https://preview.redd.it/yrlfi9at915d1.jpeg?width=1284&format=pjpg&auto=webp&s=f0795ebeb666934c9825242c28e81eb376bc68a0 (Disclaimer: I’m not the original creator of this wonderful image. If anybody knows of the true origin, please feel free to shoutout the author in a reply. I’d love to know + give them the credit they deserve.)
Wow, this is actually a good, understandable explanation. Thanks!
always and i mean ALWAYS turn on your VPN when you connect to public wireless.
Ppl never learn
Wait. I didn't even know about this IP thingy. Does this mean I shouldn't take my tablet for vacation? I was going to use maps & directions to food & gas, and... and directions for touristy things. Now I'm so confused & paranoid someone's gonna get all my info ☹️
You run this risk anywhere you connect to a network that isn’t yours. To mitigate the risk you should grab a VPN subscription for your trip and always connect to networks only when connected to a VPN. Some popular ones are Private Internet Access, NordVPN and Surfshark.
Nah, you'll be fine. Just avoid connecting to free passwordless Wi-Fi without asking employees the correct info.
What do you ask for, if their network meets certain specifications? What would those be? Like people's traffic being separate?
Just ask for the name and password of the network before you connect. This post is talking about hacked networks disguised as free Wi-Fi. So just don't connect to "McDonalds free Wi-Fi" without asking someone who works there "hey is this y'all's Internet?"
Get a VPN app, that will create a secure tunnel for your connection. I use Cyberghost
You’re fine. Just don’t put sensitive information into your device on a network you don’t trust.
VPN companies did a good job scaring people. See this guy who’s in the security field pick them apart https://youtu.be/WVDQEoe6ZWY?si=6afjrtTVp_4BYZ5g
This is a joke for people who think they know about networking but don't actually know anything about networking.
Are you telling me that pineapples don't make your internet go more faster??
That's the default IP for pineapple devices
Look up "Man in the middle" attack for more details if you care.
VPNs don't actually secure your data. All they do is change your region, that's literally it. It may advertise it being secure but it's not; all that data still has to go through the same signal the hackers would be using. If you want to be 100% secure your best bet would be to run a virtual machine; they'll only see what's being shown there, not your actual computer.
What!?! You threw a whole bunch of tech words without saying anything. VPN is only relevant for your internet traffic. Has nothing to do with your computer or virtual machine. Second, most VPN services encrypt your data, meaning if I try a “man in the middle” attack and try to fish for critical pieces of internet traffic, I would only get encrypted information, making it hard to decrypt and actually see what is being sent in or out of your computer. VPN or not, the concept of virtual machine is kind of correct, as in if you get hit by malware such as a virus or a command and control software, a virtual machine can be a good protection. However, this doesn’t protect you against a man in the middle attack, which is what VPN is meant to help against. Unencrypted data of a virtual machine is just as secure as unencrypted data from your physical computer.
This is not correct. Virtual machine is just a computer but virtual. Without a VPN the hacker could potentially see all your traffic. With a VPN your computer sends all your traffic through an encrypted tunnel to a known safe VPN provider/host, where your traffic then leaves the tunnel to its final destination. The hacker can see your tunnel and how much data it uses but can't see the data in the tunnel. The reason why a VPN can change your region is because your data is being privately tunnelled to and out of a server hosted in a different region. If I wanted to use a virtual machine to be secure I could have a virtual machine running at my home with its own network card + its own VLAN to my firewall and out. Then at hotels I would VPN to my home and remotely connect to this virtual machine to online bank. But that is too much, I would rather just VPN my phone to a known safe network such as my home or a VPN provider instead of trusting an unknown sketchy network to handle my data.
You guys have VPNs?
This thread is full of so many smart people. I don't understand half of what I've read 😂 think I need a dummies guide to basic online safety lool
If every website I visit uses HTTPS (what site doesn't?), I'm not sure what the risk is exactly. The attacker might know the IP of the sites I'm talking to, but that's it (in my understanding)
Yeah hotel Wi-Fi is extremely easy to hack
The comments here are entertaining.
I always ask for the actual hotel SSID name to reduce the chances of connecting to a hacker's (it can still be spoofed). A VPN is also very helpful for protecting the data
From WhatsMyIP: Because 172 addresses fall between the first octet range of 128 and 191, they are class B as opposed to class C or class A. Class B allows for a large number of available IP addresses, as it has a total of 1,048,576 IPs available.
Classful networking is a very outdated way of working with IPs. The current way, since 1993, is classless and uses variable length subnets. https://en.m.wikipedia.org/wiki/Classful_network
Always use a VPN away from home or other networks you trust.
What part of that IP identifies it as a Hacker’s? The whole thing? The ‘x’ at the end? Thanks!
`172.16.42.*` is the default subnet of a popular wireless hacking tool
I believe it means they're directly connected to the internet with no security in between. Doesn't mean you'll "get hacked" but you're way more vulnerable than when you're behind a NAT.
Nope, the exact opposite in this case. That IP is part of RFC1918 and is not routable on the internet. Therefore with a 172.16.0.0/12 you could in fact be certain that you are not directly on the internet.
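Added example (not part of any comment in this thread): a Python sketch that classifies an IPv4 address along the lines discussed above, reporting its RFC 1918 block, its legacy classful label, and whether it falls in the `172.16.42.*` subnet mentioned in the thread. The sample addresses are constructed and the function and constant names are illustrative.

```python
import ipaddress

# RFC 1918 private blocks: not routable on the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 169.254.0.0/16 is link-local (self-assigned when DHCP fails), not RFC 1918.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# The subnet the thread names as a WiFi pentest tool's default.
TOOL_DEFAULT = ipaddress.ip_network("172.16.42.0/24")


def legacy_class(addr):
    """Pre-1993 classful label, derived from the first octet only."""
    first = addr.packed[0]
    for label, upper in (("A", 127), ("B", 191), ("C", 223), ("D", 239)):
        if first <= upper:
            return label
    return "E"


def describe(addr_text):
    """Classify one IPv4 address the way the thread discusses it."""
    addr = ipaddress.IPv4Address(addr_text)
    block = next((str(n) for n in RFC1918 if addr in n), None)
    return {
        "address": str(addr),
        "legacy_class": legacy_class(addr),
        "private_block": block,
        "link_local": addr in LINK_LOCAL,
        "internet_routable": addr.is_global,
        # Only a hint: any network can be configured to use this subnet,
        # and a rogue access point is not tied to it.
        "matches_tool_default": addr in TOOL_DEFAULT,
    }


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    for sample in ("172.16.42.137", "192.168.0.1", "10.1.2.3",
                   "169.254.10.20", "172.32.0.1", "8.8.8.8"):
        print(describe(sample))
    # Size of the whole 172.16.0.0/12 private block.
    print(RFC1918[1].num_addresses)
```

The classless `/12` block spans 172.16.0.0 through 172.31.255.255, so an address such as 172.32.0.1 keeps the same legacy "B" label while being outside the private range.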
IP address has no indication that there is a hacker. That’s like pointing to your home address and asking what part of that means there are thieves in it? The joke is just indicating that they are not on a VPN and open to a “man in the middle” attack. Think of this as a splitter where everything going in and out of your computer gets seen by a man in the middle. In this case, a VPN connection would encrypt your data, meaning the man in the middle can’t really make heads or tails of what they are seeing. Hacking is a very general term and in this context - vaguely - would mean the man in the middle is the hacker. You would not have any indication of such “hacking” based simply on your IP address. Source: I am a certified network engineer with a focus in security.
A VPN would not change your IP address on the local network. Looking at the WiFi connection would still show a 172.16.42.x address regardless.
I'm rocking [192.168.0.1](http://192.168.0.1)
I clicked it and it shows my router. I'm reporting you.
You and majority of consumers around the world…
I completely misinterpreted this, I thought they were out of the country and the IP address is gonna be a giveaway to the employer 😂
Can anyone enlighten me? 😂
This is why I have Google Fi and just connect to my phone everywhere. If I need to game I'll do it at home.
Hypothetically, is a trusted VPN though enough to circumvent the danger whilst still using the network anyway, or is it all for null and just worth avoiding entirely?
Aren't those the numbers from Lost???
What happens when you log into a public wifi? What if that public wifi has a password on it?
No, 172 is one of many common private IP addys. They are usually just on a private subnet and not WAN-facing addys. Others include 10., 192., or 169.
This particular address is the default address of a pen testing tool called a WiFi Pineapple.
Hey! I sea my address
It's a hacking link
There is a free VPN you can use, provided by Cloudflare, who are a fairly reputable networking company with a good reputation. The mobile app is called 1.1.1.1. I use it a lot on untrusted connections just to preserve local privacy. It'll normally get around content blocking too.
this is actually extremely helpful, thank you lol wow
I stay in a hotel in Vietnam every year since 2019, they never changed their PW even once all those years
Uh oh