This is the reason to use a VPN. Not to protect your identity, or to watch region-locked content, but to remove the need to blindly trust developers to always use best practice, and/or blindly trust the strangers that you share public networks with.
Apple has revealed a Passwords app vulnerability that lasted for months
Submitted 3 weeks ago by elric@lemm.ee to technology@lemmy.world
https://www.theverge.com/news/632108/apple-ios-passwords-app-bug-vulnerability-phishing-attacks
Comments
codenamekino@lemmy.world 3 weeks ago
dan@upvote.au 3 weeks ago
You have to instead blindly trust the company that runs the VPN, though. Some of them intentionally obscure who owns the VPN service given they’re often used for things like P2P and spam.
The best VPN is one you run yourself. If you’re on an insecure network like a coffee shop, you can route traffic through a known secure network like your home or a VPS/server you rent.
codenamekino@lemmy.world 3 weeks ago
Absolutely true. I have a paid VPN service that hardly gets used, but I call home with Wireguard multiple times a day (usually not for the encryption, though). Most basic home routers include a VPN feature as well, and it doesn’t require much technical ability to configure beyond a quick web search for the router model and what the hell DDNS means.
seconded@lemmy.world 3 weeks ago
As 9to5Mac writes, the Passwords app was sending unencrypted requests for the logos and icons it shows next to the sites your stored passwords are associated with. The lack of encryption meant an attacker on the same Wi-Fi network as you, like at an airport or coffee shop, could redirect your browser to a look-a-like phishing site to steal your login credentials. It was first discovered by security researchers at app developer Mysk.