From bff177ee146c3b9658791f72f6d7246a8348f614 Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Tue, 10 Jan 2023 06:18:35 +0000 Subject: Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c3cab54..925d2a6 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ This mod doesn't make you 100% safe, but it makes it much harder to steal your s ## Staying Safe In order to work around an unpatchable security vulnerability, rename the NoSession jar to !.jar so it can load its protection before any other mods.
+You should also use [MultiMC](https://github.com/MultiMC/Launcher/) or one of its derivates [PolyMC](https://github.com/PolyMC/PolyMC) or [PrismLauncher](https://github.com/PrismLauncher/PrismLauncher), because they use launch Minecraft in a way that improves security.
This only protects you from other mods. There are fake verification sites that can steal your session ID through that method.
Don't login with Microsoft OAuth to anything except maybe your Minecraft launcher. You may also want to verify the signature on any NoSession binary. It's signed with [pandaninjas' GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key). -- cgit From 63a04ec61cc58ee68b13cfe357085c739aebb6f8 Mon Sep 17 00:00:00 2001 From: PandaNinjas Date: Mon, 30 Jan 2023 05:32:24 +0000 Subject: Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index d9d5e6d..c64722e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,7 +7,7 @@ Currently all versions are supported. | Version | Supported | | ------- | ------------------ | | 1.0.0 | ✔️ | - +| Any nightly branch | ❌ | ## Reporting a Vulnerability A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.
-- cgit