On 12/12/14, 1:33 AM, "Javier J" <javier@advancedmachines.us> wrote:
What stops someone from going down to the center of town, launching a little wifi SSID named xfinitywifi and collecting your customers usernames and passwords?
WG] nothing. But then again, the same argument can be made for *any* wireless network that does authentication via a portal, because it becomes a standard phishing spoof problem that is dependent on how well you imitate the portal in question. Not really a comcast-specific problem, though this blog demonstrates exactly what you suggest: https://blog.logrhythm.com/security/xfinity-pineapple/ Hotspot 2.0 is intended to help with this problem to some extent. http://www.cisco.com/c/en/us/solutions/collateral/service-provider/service- provider-wi-fi/white_paper_c11-649337.html Wes George This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.