Re: [Discuss] Braintree Plaza Wifi
Is the MITM cert their logon page? I've been annoyed at logon in Simon malls and use my cellWAP instead. I have a habit of checking personal and work servers from various locations. If I remember correctly I only checked Google and my server. They didn't break HTTPS until I visited my personal server that uses Let's Encrypt. No browser warning until then. Viewed cert and they were trying to pass one from AT Disturbing. Eric ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Braintree Plaza Wifi
Is the MITM cert their logon page? I've been annoyed at logon in Simon malls and use my cellWAP instead. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Braintree Plaza Wifi
On 4/3/2017 11:05 AM, Eric Chadbourne wrote: > The other day I'm at Red Robbing grabbing a burger and I log into the > only open wifi accessible. I notice that when you go to a popular > website like google all is fine. When you go to a lesser known > website using https (in this case a personal server in Europe) it > does a man in the middle using an invalid cert from AT I didn't > have time to play with it more. Such interesting behavior. Yeah, I have two things I do to work past this. First, I change DNS servers to use OpenDNS immediately after obtaining DHCP leases. Second, all of my browser traffic is proxied. I mostly use SOCKS over SSH to my server at home. Sometimes I use Tor. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Braintree Plaza Wifi
On 4/3/17 11:05 AM, Eric Chadbourne wrote: I notice that when you go to a popular website like google all is fine. When you go to a lesser known website using https (in this case a personal server in Europe) it does a man in the middle using an invalid cert from AT Could it be part of a content filtering setup? With https they can't watch the content itself unless this sort of a MITM configuration happens--requiring the user to accept what appears to be an invalid certificate. In my personal experience both Ruckus and Cradlepoint have options built into their offerings to enable this sort of invasive behavior in the name of filtering the content--usually deployed where there is free WiFi to the general public and they want to attempt to minimize people looking at things are not appropriate for that venue. It may only take over when visiting domains that aren't on their white-list which could explain why Google makes it through OK. LinkNYC had all sorts of trouble last year when some members of the local homeless population were using the kiosks and free WiFi to view pornography and perform inappropriate acts in public. -Ethan ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Braintree Plaza Wifi
The other day I'm at Red Robbing grabbing a burger and I log into the only open wifi accessible. I notice that when you go to a popular website like google all is fine. When you go to a lesser known website using https (in this case a personal server in Europe) it does a man in the middle using an invalid cert from AT I didn't have time to play with it more. Such interesting behavior. - Eric ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss