Starbucks is now requiring a name and email address to use their WiFi. It’s still a captive portal. I didn’t do it, and won’t, regardless of VPN....
Let’s ignore temp/anon email for the moment. Implications for normal users?
Not sure how I feel about this. #infosec Thoughts?
The only way they could implement social media sign-on without already giving you access to visit the supported social media sites is by asking you to hand over your password for the SM site to their login system, then turning around and using it to login as you.
-
No you're wrong bc Aruba ClearPass.
-
Do you have a citation for the technical details of what they claim it can do? Just Googling gives nothing but marketing blabber.
-
It's a NAC device that authenticates ppl getting onto a network. It collects MAC addresses and makes sure devices are up to date w security patches, etc. You can set it up to collect email or login via social media... and that is meant for marketing purposes.
-
I don't know if that's enough info for you... I basically repeat marketing blather.

-
It looks like this is a product intended for enterprise networks that requires installing special software on the client device, probably including MITM root certificates. This seems correct based on the capabilities advertised.
-
My guesses are based on the first technical article I was able to find about it: https://pnmackenzie.tumblr.com/post/93679405099/is-your-aruba-clearpass-onbaoarding-exposing-your …
-
Thanks! Good blog. It does say it requires a download. I wonder if the vulnerabilities were fixed, also.
-
This video also shows downloading an executable and running it, bypassing the warning about doing so. https://youtube.com/watch?v=ClEWaEsCjFw …
-
This is an extreme no-no and would get them banned from accessing the SM site immediately, and probably even sued.
-
The way legitimate SM-based login works involves your logging in to the SM site (always via https, with the ISP/hotspot unable to see what you're doing except what site it is) and getting back cryptographic proof of identity for your browser to pass to the site you're logging in to.
-
I really think you're wrong bc of NAC tools. However, I invite the conversation.