How to protect your self against wifi scams
-
This is a great example of saying unrelated facts to make it sounds like it's a big deal.
Also sounds like their security expert/professor doesn't really know what they are talking about.Sure you can do DNS poisoning for http. but for SSL/HTTPs you You would get a warning about the cert on your browser. Considering any reputable root ca requires ownership of the domain to generate the SSL cert. So I'm not sure exactly what their point was here other than to scare people. Yes if you enter your credit card info and password on his own portal sure he has it. But why would you be doing that anyway. It seems like the focus is very much on the wrong issue of staying away from wifi you don't know about than where and when you should be entering information like that.
-
Really this risk is no different than the issue that happened to Anthem with HR entering their login information at we11point.com instead of wellpoint.com. It's not the correct site. The same risk occurs regardless of the wifi or not. (and of course making sure it's ssl)