I never preach “buying into the hype” N8OUZ. I preach being knowledgeable and being prepared. The best way to help explain the seriousness of this exploit to non-technical people is by comparing it to something they’ve already heard about on the news and understand. In that sense, I absolutely maintain that this is the most dangerous hack since the Equifax hack. It’s actually an exploit that can be leveraged and not a “hack”, so if I were to be 100% accurate, I’d have used the phrase “the most dangerous exploit since the Equifax hack”, but the underlying claim is still 100% true to me.
This one is a killer.
It takes very little to pull off the exploit right now, so I’m surprised to hear how cavalier you sound. If you want to “realistically use this attack in the wild”, all that’s required for a would-be hacker is to set up an open WiFi hotspot in a popular WiFi location, name it something similar to the location’s normal WiFi name and then… just wait for people to join the spoofed network and run the exploit. This tactic is old, powerful and far more common than you’re letting on.
Be out in front, I say. Be prepared. Have the knowledge and the tools you’ll need, especially if you’re the type of person whoever transmits sensitive information online. Which is, let’s be frank, most of us.
I’m glad you got something out of the article in regards to using a VPN. I’d still recommend that you update your other devices though… :)