[SSL Observatory] https://controller.mobile.lan
Ralph Holz
holz at net.in.tum.de
Mon Feb 6 13:31:15 PST 2012
Hi,
> It's a captive portal - the reason it's interesting is that Verisign is
> signing .lan - around the time they were owned in 2012, even.
That's what I've thought. They probably doing it so secure the captive
portal against simple sniffing of the wireless traffic. It's going to
work against anything but an active attacker.
Not secure, but barriers a bit higher.
>> Or is this really the cert you get *after* you've gotten past the
>> authentication step in the portal and should have unintercepted
>> connectivity? That would be grave.
>
> They still filter and tamper but the mitm is only a catch-all until
> you've clicked through some forms.
OK; that's reassuring. We can put that Securepoint GmbH on our list of
interesting companies (there was a Wiki somewhere?), if it's not already
there.
Ralph
--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20120206/9de02eb4/attachment.sig>
More information about the Observatory
mailing list