Hi,

> Please elaborate on how the system can be circumvented?

FakeAP springs to mind instantly, as does any of the other man-in-the-middle attacks. A quick google will bring up many methods of doing such attacks.

Basically, I set up a software AP with the same SSID. I have the same login page - even the same signed certificate if you've been so good as to buy a commercial one - and take the user's credentials when they log in. I then pull down my AP and use the credentials to log in. Trivial stuff.

If you use WEP I can do a similar thing to get the 3rd party to send me enough WEP traffic (failures of course) to get the key using the modern crackers. 5 minutes of fun... and then use that WEP for my gateway. (Same isn't true - yet - for WPA-PSK - but like WEP those passphrases need to be disseminated.)

All this falls in the same 'security' bucket (or bin) as MAC authentication, hiding the SSID etc. But since most public sites use these systems it's gotta be okay. Yes? ;-)

alan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

