cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: Xavier Llamas Comellas <xavier.llamas.comellas AT liu.se>
- Cc: "cat-users AT geant.net" <cat-users AT geant.net>
- Subject: Re: [cat-users] Eduroam for iphone 5S with iOS 8.02
- Date: Wed, 01 Oct 2014 08:20:25 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi,
> I reset the network settings with no success last week. But I managed to
> connect to eduroam without preinstalling the CAT profile.
>
> I just connected to eduroam straight (After reseting previous wifi
> configurations on eduroam), entered username and password and after it
> connected I got to accept a “certificate” similar to the CAT profile
> installer. It works so just for you to know..
>
> Thanks for your help anyway.
So you turned off all security checks and sent your password to
"someone", who might with a bit of luck (i.e. if the connection failure
was indeed "just" a technical error) be your university, or with a bit
of less luck (i.e. if someone set up an evil twin network, and your
device *rightfully* didn't connect you) be an attacker who just learned
your password.
Granted, chances are that you were lucky this time, because the
brokenness coincided with your update to iOS 8, hinting towards this
technical error, but permanently not using a profile with cert checks,
and randomly clicking "Accept" on incoming certificates is not a very
safe idea.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [cat-users] Eduroam for iphone 5S with iOS 8.02, Stefan Winter, 10/01/2014
Archive powered by MHonArc 2.6.19.