I'm currently staying in a Best Western hotel in Eureka, CA, avoiding the Bay Area heat wave, and I noticed something remarkable: the hotel's free WiFi network performs automatic man-in-the-middle interception of all SSH traffic. I've literally never seen this before on public WiFi… Check it out:

$ ssh github.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256 …

I received an e-mail today at my work address with the subject [Feature Ideas [Customers Only]] - [Survey] The G Suite Admin Experience team wants to learn your needs around data/resource access boundaries which looked like the following:

Quick — is this real or is this spam? What would you look for?

Me, the first thing I'd look for is a source address that matches a domain I trust. Then I'd confirm via SPF and DKIM that the e-mail was from a valid sender in that domain. Well, let's take a look here… cloudconnect.goog; I don't know what the hell …