The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

> I reset the network settings with no success last week. But I managed to
> connect to eduroam without preinstalling the CAT profile.
> 
> I just connected to eduroam straight (After reseting previous wifi
> configurations on eduroam), entered username and password and after it
> connected I got to accept a “certificate” similar to the CAT profile
> installer.  It works so just for you to know..
> 
> Thanks for your help anyway.

So you turned off all security checks and sent your password to
"someone", who might with a bit of luck (i.e. if the connection failure
was indeed "just" a technical error) be your university, or with a bit
of less luck (i.e. if someone set up an evil twin network, and your
device *rightfully* didn't connect you) be an attacker who just learned
your password.

Granted, chances are that you were lucky this time, because the
brokenness coincided with your update to iOS 8, hinting towards this
technical error, but permanently not using a profile with cert checks,
and randomly clicking "Accept" on incoming certificates is not a very
safe idea.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature