Just keep your firewall set to public network and you will most likely be fine.
My traffic is not vulnerable, but my device might be.
When you connect to public WiFi, you also share it with others, and maybe someone on that network wants to test out their new hacker skills ?
Maybe not as much of a problem for phones, but that juicy developer laptop running unauthenticated MongoDB with a dump of the production database… yup, that now “mine”.
Ideally all those services should be listening on 127.0.0.1 / ::1, but everybody makes mistakes. Maybe the service comes preconfigured to listen on 0.0.0.0.
Honytawk@feddit.nl 4 hours ago
8fingerlouie@sh.itjust.works 4 hours ago
Again, people make mistakes, so they may think the firewall is on, but that one time 3 weeks ago when they were debugging something and they turned off the firewall for it, yeah, we never got around to enabling it again.
Also, my home network is a lot more secure by default than shared public WiFi. At home I have decent control over who and what connects. Sure, people could in theory crack my WiFi password, but the risk of that is low compared to sitting on public WiFi.
AwesomeLowlander@sh.itjust.works 3 minutes ago
Nothing we can do to prevent that, unless we want to turn all laptops into walled gardens. PEBKAC is not the fault of the WiFi network.
loudwhisper@infosec.pub 35 minutes ago
Someone runs MongoDB unauthenticated, bound on 0.0.0.0 with production data, on a computer without a VPN, and the problem is the WiFi?
Like I get what you are saying, but this sounds like saying that we should ban speedbumps because imagine there is a guy with a loaded gun pointed at a kid with no safe, finger on the trigger, and high on coke, if the car hits the speedbump the toddler is gone. Yeah, but I would hardly say the speedump is the same.