Hi, > I'd suggest putting up a web page explaining how you can steal android > credentials via a malicious AP. If you can get it to do TTLS + PAP for > a random certificate, that's good for a CERT issue. And they'll pay > attention to that.
dont even need that. if it doesnt check/trust the certificate then PEAP/MSCHAPv2 is also open and ready to be unpeeled. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
