Hot take:
When I see general* "security advice" that mentions "do not use public WiFi" or "use a VPN", I am immediately suspicious about all other advice offered.
Yes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.
Today, almost all sites use HTTPS.
*) "general" meaning "without a very specific threat model in mind", meant for general public, etc.
#InfoSec
Michał "rysiek" Woźniak · 🇺🇦 /
npub1dp…tsckl
2024-06-07 14:59:14
Author Public Key
npub1dpgpternuccjgfyv3pgjkvtrv9pwk0kjf65pqed3urms39mtcjgs2tscklPublished at
2024-06-07 14:59:14Event JSON
{
"id": "327c9af87a49f848fce1d9b2a7388e0767bd1bef103764aa17022bd78e0391c8",
"pubkey": "685015e473e63124248c88512b31636142eb3ed24ea81065b1e0f708976bc491",
"created_at": 1717765154,
"kind": 1,
"tags": [
[
"t",
"InfoSec"
],
[
"proxy",
"https://mstdn.social/users/rysiek/statuses/112575457144211032",
"activitypub"
]
],
"content": "Hot take:\n\nWhen I see general* \"security advice\" that mentions \"do not use public WiFi\" or \"use a VPN\", I am immediately suspicious about all other advice offered.\n\nYes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.\n\nToday, almost all sites use HTTPS.\n\n*) \"general\" meaning \"without a very specific threat model in mind\", meant for general public, etc.\n\n#InfoSec",
"sig": "85a7d65ebad9dbae41c812aea0ece353a367e6c55d1d4eef2da86d1aab24947be2357eedfcc7236190819bdbec5f69ea564610f55c3716d23514805a6d9260dd"
}