ebfe1

While we try our best to lock down our laptop, close open ports, run littlesnitch, ufw but it is always an unease to connect them directly to an public wifi, worrying about some 0day that allow someone in local lan to hack it.

What I sometimes do is to use my phone connecting to the free wifi and simultaneously hotspotting it to my laptop - It feels better to have something in between blocking random nmap scans.

Anyone else doing this? Is there other tricks you do?

Let’s hear it… As developers and engineers, I think we should all adopt the “assume breach” mentality.

Do you have your own personal tricks to stay safe?

I’ll start: I like to drop canary tokens on my personal machines, servers, and even in the AWS config file under the "admin" profile. I also use an old Raspberry Pi running knockd that triggers a simple bash script to alert me via Slack if someone scans my home network.

I used to have a cron job that hit my server’s website on specific URL paths, one for HTTP and a different one for HTTPS.

Each path included an encrypted version of current Wi-Fi name. Every time those endpoints were accessed, I’d get a Slack notification. The idea was that if someone managed to MITM my traffic and got curious enough to check the URLs, it would alert me.

There’s more, but I’m curious—what tricks do other HN-ers use?