18 Mar
2013
18 Mar
'13
11:58 a.m.
Hi,
I'd suggest putting up a web page explaining how you can steal android credentials via a malicious AP. If you can get it to do TTLS + PAP for a random certificate, that's good for a CERT issue. And they'll pay attention to that.
dont even need that. if it doesnt check/trust the certificate then PEAP/MSCHAPv2 is also open and ready to be unpeeled. alan