diff options
| -rw-r--r-- | README.md | 1 | ||||
| -rw-r--r-- | SECURITY.md | 2 |
2 files changed, 2 insertions, 1 deletions
@@ -9,6 +9,7 @@ This mod doesn't make you 100% safe, but it makes it much harder to steal your s ## Staying Safe
In order to work around an unpatchable security vulnerability, rename the NoSession jar to !.jar so it can load its protection before any other mods.<br>
+You should also use [MultiMC](https://github.com/MultiMC/Launcher/) or one of its derivates [PolyMC](https://github.com/PolyMC/PolyMC) or [PrismLauncher](https://github.com/PrismLauncher/PrismLauncher), because they use launch Minecraft in a way that improves security.<br>
This only protects you from other mods. There are fake verification sites that can steal your session ID through that method.<br>
Don't login with Microsoft OAuth to anything except maybe your Minecraft launcher. You may also want to verify the signature on any NoSession binary. It's signed with [pandaninjas' GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key).
diff --git a/SECURITY.md b/SECURITY.md index d9d5e6d..c64722e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,7 +7,7 @@ Currently all versions are supported. | Version | Supported | | ------- | ------------------ | | 1.0.0 | ✔️ | - +| Any nightly branch | ❌ | ## Reporting a Vulnerability A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.<br> |