18 Mar
2013
18 Mar
'13
1:09 p.m.
Alan DeKok wrote:
I'd suggest putting up a web page explaining how you can steal android credentials via a malicious AP. If you can get it to do TTLS + PAP for a random certificate, that's good for a CERT issue. And they'll pay attention to that.
The FreeRADIUS-WPE patches have been out since at least 2008, but I guess having something that specifically shows an Android yielding up credentials might be more provocative, yes.