Now I’m not able to login to my Firebase console even from another laptop.
What’s going on here?
https://www.cisa.gov/news-events/alerts/2024/09/18/apple-rel...
This is well known within both the security community and Mac Sys Admin community.
Is it for backward compatibility with old devices?
Why isn't the standard that when connecting to a wifi without password, everything would be just like if there was a (fake) "public password" like the string "password", so that traffic is still encrypted?
If you have a password, it means that you select who can be part of that network (and hence who can reach your computer). If you don't have a password (e.g. a guest network somewhere), then there is no selection at all.
Now, if you let anyone connect and have a "fake" password, you still don't have any filter and should know that you are on a "public" network (i.e. you should not blindly trust other devices). So it's actually better to be able to see that you are on a "public" network (versus a "trusted" network like your home LAN).
Or did I misunderstand your question?
If you get to login, check your compute resources since most of these bots just deploy tons of compute and use them for DDOS. This can be in the hundreds of dollars per hour figure.
It is possible to have your session hijacked when using any wifi really, its a lot harder on secured wifi though.
I only tether to my phone now in public, and never use unsecured wifi for anything.
Google did send me two Security alerts (one for each laptop) when I tried signing in yesterday with my old pwd. So they must have reset my password or something?
In any case, lesson learned: never connect to an unsecured Wi-Fi again! (I rarely do, but I was at this conference last week trying to demo Appomate AI, and was wanting it to be as snappy as possible. Bad decision!)
In case of an unsecured WiFi connection this is of course much more dangerous even.
I would’ve thought they would let devs handle it because if anything they’re more capable of these kinds of things (not counting myself ofc :-))
The only difference with "unsecured WiFi" is its lack of key and encryption.
You've said nothing about who provided that WiFi service, where it was, or anything. Plenty of reputable and well-managed WiFi networks are unsecured these days. Even my ISP runs them; they're perfectly safe. I don't use a VPN.
We're not your tech support department, and it's impossible for us to troubleshoot your bugs with so little information. Your local machine got messed up somehow. It sounds like PEBKAC. What leads you to believe that the WiFi network was to blame? No, I don't care.
Take your machine to an Apple store or something. Contact the administrator of the WiFi network. Go to Geek Squad. Factory reset and reinstall your computer. Who knows how you've shot yourself in the foot?
I have negative feelings towards this sort of long winded holier than thou garbage.
And it's a documented self inflicted "why does nobody want to contribute to $project?" By burned out devs.
I always tell him he is being paranoid, because every app, especially the ones het finds important (like banking) encrypt their traffic. So who cares if the WiFi layer is encrypted or not.
For the people that do use WiFi away from home: It's easy to create an access-point that is malicious and has wpa2. Also, wpa2 isn't that great anymore, right?
I could tell him to just use a (trustworthy) free vpn (ie protonvpn, or just pay for mullvad) if he really needs to connect. That would take care of his concerns.
Am I wrong?
While it may be paranoid, there are still risks involved with connecting a device to an untrusted network
I started panicking, going over to people around me asking if they've ever experienced such a thing. All I got was a bunch of "huh? no never"s.
I found out a couple hours later that by pure coincidence my friend pranked me right then by signing my email address up for all the spam newsletters etc. he could find....
But I definitely panicked too and still a worried if I carried something over to my home network.
I’m a developer and at least superficially aware of the issues. Can’t imagine what non techies go through when faced with such situations!!
I really need to let go of these self-sabotage tendencies fast!!
By default, I tether my phone. In the places that's not possible, the public WiFi is typically part of large scale infrastructure like an airport.
The biggest practical advantage of tethering is not security. It's repeatability. Sure security matters and I trust my phone's security. But not having to navigate other people's ideas of internet access is why I tether.
Good luck.
