Starbucks is now requiring a name and email address to use their WiFi. It’s still a captive portal. I didn’t do it, and won’t, regardless of VPN....
Let’s ignore temp/anon email for the moment. Implications for normal users?
not sure how I feel about this. #infosec Thoughts?
-
-
My guesses are based on the first technical article I was able to find about it:https://pnmackenzie.tumblr.com/post/93679405099/is-your-aruba-clearpass-onbaoarding-exposing-your …
-
Thanks! Good blog. It does say it requires a download. I wonder if the vulnerabilities were fixed, also.
-
This video also shows downloading an executable and running it, bypassing the warning about doing so.https://youtube.com/watch?v=ClEWaEsCjFw …
-
It's not clear to me if you *can* use it without installing backdoors into the client, but lots of the claims seem implausible without control of the client device.
-
Ok here's a cool video that shows how they set up the splash page that captures your info. They use a RADIUS server and the guest just needs to set up their account:https://youtu.be/jXyd_q7T7aE
-
New conversation -
-
-
Each device needs a license, but I didn't think a client was needed. I'm pretty sure no download necessary.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
