[SSL Observatory] https://controller.mobile.lan
Jacob Appelbaum
jacob at appelbaum.net
Mon Feb 6 13:25:58 PST 2012
On 02/06/2012 10:22 PM, Ralph Holz wrote:
> Hi,
>
>> I'm at a hotel in Munich and I found a rather funny cert performing a
>> full MITM for *:443 - https://controller.mobile.lan is signed by VeriSign.
>
> Can you please confirm that this is not just the capture portal of Hotel
> König Ludwig? I wouldn't be surprised. That subject line points to it,
> too: Securepoint Gmbh, a company in the German state of Niedersachsen:
>
It's a captive portal - the reason it's interesting is that Verisign is
signing .lan - around the time they were owned in 2012, even.
> https://www.securepoint.de/
>
> Or is this really the cert you get *after* you've gotten past the
> authentication step in the portal and should have unintercepted
> connectivity? That would be grave.
They still filter and tamper but the mitm is only a catch-all until
you've clicked through some forms.
All the best,
Jacob
More information about the Observatory
mailing list