Alan DeKok wrote: > I'd suggest putting up a web page explaining how you can steal android > credentials via a malicious AP. If you can get it to do TTLS + PAP for > a random certificate, that's good for a CERT issue. And they'll pay > attention to that.
The FreeRADIUS-WPE patches have been out since at least 2008, but I guess having something that specifically shows an Android yielding up credentials might be more provocative, yes. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html