Anyone from Southwest Airlines on this list? On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment. Frank
You should change your paypal password. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Frank Bulk Sent: Saturday, February 27, 2016 10:27 AM To: nanog@nanog.org Subject: Southwest Airlines captive portal Anyone from Southwest Airlines on this list? On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment. Frank
You got MITM'd On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke <damien@supremebytes.com> wrote:
You should change your paypal password.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Frank Bulk Sent: Saturday, February 27, 2016 10:27 AM To: nanog@nanog.org Subject: Southwest Airlines captive portal
Anyone from Southwest Airlines on this list?
On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment.
Frank
Likely. Let Southwest know, and as others have said, change your password. Hopefully it was unique to PayPal. -Pete On 2/27/16, 15:09, "NANOG on behalf of Paras Jha" <nanog-bounces@nanog.org on behalf of paras@protrafsolutions.com> wrote:
You got MITM'd
On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke <damien@supremebytes.com> wrote:
You should change your paypal password.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Frank Bulk Sent: Saturday, February 27, 2016 10:27 AM To: nanog@nanog.org Subject: Southwest Airlines captive portal
Anyone from Southwest Airlines on this list?
On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment.
Frank
I was MITMed, but not maliciously, but by Southwest Airline’s system (which uses Row44). The site doesn’t have to be pinned for a browser to throw up a warning about the SSL certificate not matching the URL. I did connect with an SWA employee. Frank From: Paras Jha [mailto:paras@protrafsolutions.com] Sent: Saturday, February 27, 2016 5:09 PM To: Damien Burke <damien@supremebytes.com> Cc: Frank Bulk <frnkblk@iname.com>; nanog@nanog.org Subject: Re: Southwest Airlines captive portal You got MITM'd On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke <damien@supremebytes.com <mailto:damien@supremebytes.com> > wrote: You should change your paypal password. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org <mailto:nanog-bounces@nanog.org> ] On Behalf Of Frank Bulk Sent: Saturday, February 27, 2016 10:27 AM To: nanog@nanog.org <mailto:nanog@nanog.org> Subject: Southwest Airlines captive portal Anyone from Southwest Airlines on this list? On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment. Frank
On 27 February 2016 at 10:26, Frank Bulk <frnkblk@iname.com> wrote:
Anyone from Southwest Airlines on this list?
On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment.
Frank
I think it is PayPal you should be contacting instead. PayPal User Agreement requires that you maintain adequate security of your account credentials, and immediately notify PayPal that your password has been compromised. https://www.paypal.com/webapps/mpp/ua/useragreement-full
1.6 Password Security and Keeping Your Email and Address Current. You are responsible for maintaining adequate security and control of any and all IDs, passwords, personal identification numbers (PINs), or any other codes that you use to access the Services. ...
12.2 Notification Requirements.
You should immediately notify PayPal if you believe: there has been an unauthorized transaction or unauthorized access to your Account; there is an error in your Account Profile or activity or transaction confirmation sent to you by email; your password or PIN has been compromised; ...
C.
On Sat, 27 Feb 2016, Constantine A. Murenin wrote:
On 27 February 2016 at 10:26, Frank Bulk <frnkblk@iname.com> wrote:
Anyone from Southwest Airlines on this list?
On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment.
Frank
I think it is PayPal you should be contacting instead.
PayPal User Agreement requires that you maintain adequate security of your account credentials, and immediately notify PayPal that your password has been compromised.
https://www.paypal.com/webapps/mpp/ua/useragreement-full
1.6 Password Security and Keeping Your Email and Address Current. You are responsible for maintaining adequate security and control of any and all IDs, passwords, personal identification numbers (PINs), or any other codes that you use to access the Services. ...
in theory I suspected I was almost mit'med once, I have notified them immediately and got a standard blurb about keeping my anti virus software up to date... Marcin
On Sat, Feb 27, 2016 at 3:26 PM, Frank Bulk <frnkblk@iname.com> wrote:
Anyone from Southwest Airlines on this list?
On a recent flight I discovered I couldn't complete payment through PayPal because my web browsers properly noticed that the Southwest Airlines SSL certificate that the captive portal was giving for PayPal didn't match up. =) I had to create an exception for PayPal just to complete payment.
Perhaps not a captive portal but a TLS accelerator that is sometimes used in satellite connections, that does act as MITM like corporate security products but with a performance focus. Since many commonly used web properties are moving to HSTS + HPKP + CT it will become increasingly difficult to balance performance and security in high latency connections, but when it comes to a payment gateway, that airline should probably turn off acceleration for paypal.com and 3-D Secure bank pages. Rubens
On Sat, Feb 27, 2016 at 5:40 PM, Rubens Kuhl <rubensk@gmail.com> wrote:
Since many commonly used web properties are moving to HSTS + HPKP + CT it will become increasingly difficult to balance performance and security in high latency connections, but when it comes to a payment gateway, that airline should probably turn off acceleration for paypal.com and 3-D Secure bank pages.
Paypal's certificate is not pinned in Chrome/Firefox. imo a hard error is desirable in this kind of scenario. https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security... https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#New_sites_pi... FWIW Southwest uses Row 44 (GEE Media) for inflight wifi. http://www.geemedia.com/products/connectivity
participants (8)
-
Constantine A. Murenin
-
Damien Burke
-
Frank Bulk
-
Marcin Cieslak
-
Paras Jha
-
Peter Loron
-
Rubens Kuhl
-
Yang Yu