subject:"Southwest Airlines captive portal"

RE: Southwest Airlines captive portal

2016-02-27 Thread Frank Bulk

I was MITMed, but not maliciously, but by Southwest Airline’s system (which 
uses Row44).   The site doesn’t have to be pinned for a browser to throw up a 
warning about the SSL certificate not matching the URL.

 

I did connect with an SWA employee.

 

Frank

 

From: Paras Jha [mailto:pa...@protrafsolutions.com] 
Sent: Saturday, February 27, 2016 5:09 PM
To: Damien Burke <dam...@supremebytes.com>
Cc: Frank Bulk <frnk...@iname.com>; nanog@nanog.org
Subject: Re: Southwest Airlines captive portal

 

You got MITM'd

 

On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke <dam...@supremebytes.com 
<mailto:dam...@supremebytes.com> > wrote:

You should change your paypal password.


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org <mailto:nanog-boun...@nanog.org> ] 
On Behalf Of Frank Bulk
Sent: Saturday, February 27, 2016 10:27 AM
To: nanog@nanog.org <mailto:nanog@nanog.org> 
Subject: Southwest Airlines captive portal

Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal 
because my web browsers properly noticed that the Southwest Airlines SSL 
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Frank

Re: Southwest Airlines captive portal

2016-02-27 Thread Yang Yu

On Sat, Feb 27, 2016 at 5:40 PM, Rubens Kuhl  wrote:

> Since many commonly used web properties are moving to HSTS + HPKP + CT it
> will become increasingly difficult to balance performance and security in
> high latency connections, but when it comes to a payment gateway, that
> airline should probably turn off acceleration for paypal.com and 3-D Secure
> bank pages.

Paypal's certificate is not pinned in Chrome/Firefox. imo a hard error
is desirable in this kind of scenario.
https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json?view=markup
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#New_sites_pinned_in_Firefox_32

FWIW Southwest uses Row 44 (GEE Media) for inflight wifi.
http://www.geemedia.com/products/connectivity

Re: Southwest Airlines captive portal

2016-02-27 Thread Marcin Cieslak

On Sat, 27 Feb 2016, Constantine A. Murenin wrote:

> On 27 February 2016 at 10:26, Frank Bulk  wrote:
> > Anyone from Southwest Airlines on this list?
> >
> > On a recent flight I discovered I couldn't complete payment through PayPal
> > because my web browsers properly noticed that the Southwest Airlines SSL
> > certificate that the captive portal was giving for PayPal didn't match up.
> > =)  I had to create an exception for PayPal just to complete payment.
> >
> > Frank
> 
> I think it is PayPal you should be contacting instead.
> 
> PayPal User Agreement requires that you maintain adequate security of
> your account credentials, and immediately notify PayPal that your
> password has been compromised.
> 
> https://www.paypal.com/webapps/mpp/ua/useragreement-full
> 
> > 1.6 Password Security and Keeping Your Email and Address Current. You are 
> > responsible for maintaining adequate security and control of any and all 
> > IDs, passwords, personal identification numbers (PINs), or any other codes 
> > that you use to access the Services.
> ...

in theory

I suspected I was almost mit'med once, I have notified them immediately
and got a standard blurb about keeping my anti virus software up to date...

Marcin

Re: Southwest Airlines captive portal

2016-02-27 Thread Rubens Kuhl

On Sat, Feb 27, 2016 at 3:26 PM, Frank Bulk  wrote:

> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
>
Perhaps not a captive portal but a TLS accelerator that is sometimes used
in satellite connections, that does act as MITM like corporate security
products but with a performance focus.

Since many commonly used web properties are moving to HSTS + HPKP + CT it
will become increasingly difficult to balance performance and security in
high latency connections, but when it comes to a payment gateway, that
airline should probably turn off acceleration for paypal.com and 3-D Secure
bank pages.

Rubens

Re: Southwest Airlines captive portal

2016-02-27 Thread Peter Loron

Likely. Let Southwest know, and as others have said, change your password. 
Hopefully it was unique to PayPal. 

-Pete




On 2/27/16, 15:09, "NANOG on behalf of Paras Jha" <nanog-boun...@nanog.org on 
behalf of pa...@protrafsolutions.com> wrote:

>You got MITM'd
>
>On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke <dam...@supremebytes.com>
>wrote:
>
>> You should change your paypal password.
>>
>> -Original Message-
>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
>> Sent: Saturday, February 27, 2016 10:27 AM
>> To: nanog@nanog.org
>> Subject: Southwest Airlines captive portal
>>
>> Anyone from Southwest Airlines on this list?
>>
>> On a recent flight I discovered I couldn't complete payment through PayPal
>> because my web browsers properly noticed that the Southwest Airlines SSL
>> certificate that the captive portal was giving for PayPal didn't match up.
>> =)  I had to create an exception for PayPal just to complete payment.
>>
>> Frank
>>
>>
>

Re: Southwest Airlines captive portal

2016-02-27 Thread Constantine A. Murenin

On 27 February 2016 at 10:26, Frank Bulk  wrote:
> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
> Frank

I think it is PayPal you should be contacting instead.

PayPal User Agreement requires that you maintain adequate security of
your account credentials, and immediately notify PayPal that your
password has been compromised.

https://www.paypal.com/webapps/mpp/ua/useragreement-full

> 1.6 Password Security and Keeping Your Email and Address Current. You are 
> responsible for maintaining adequate security and control of any and all IDs, 
> passwords, personal identification numbers (PINs), or any other codes that 
> you use to access the Services.
...

> 12.2 Notification Requirements.
>
> You should immediately notify PayPal if you believe:
> there has been an unauthorized transaction or unauthorized access to 
> your Account;
> there is an error in your Account Profile or activity or transaction 
> confirmation sent to you by email;
> your password or PIN has been compromised;
...

C.

Re: Southwest Airlines captive portal

2016-02-27 Thread Paras Jha

You got MITM'd

On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke <dam...@supremebytes.com>
wrote:

> You should change your paypal password.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
> Sent: Saturday, February 27, 2016 10:27 AM
> To: nanog@nanog.org
> Subject: Southwest Airlines captive portal
>
> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
> Frank
>
>

RE: Southwest Airlines captive portal

2016-02-27 Thread Damien Burke

You should change your paypal password.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
Sent: Saturday, February 27, 2016 10:27 AM
To: nanog@nanog.org
Subject: Southwest Airlines captive portal

Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal 
because my web browsers properly noticed that the Southwest Airlines SSL 
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Frank

Southwest Airlines captive portal

2016-02-27 Thread Frank Bulk

Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal
because my web browsers properly noticed that the Southwest Airlines SSL
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Frank

RE: Southwest Airlines captive portal

Re: Southwest Airlines captive portal

Re: Southwest Airlines captive portal

Re: Southwest Airlines captive portal

Re: Southwest Airlines captive portal

Re: Southwest Airlines captive portal

Re: Southwest Airlines captive portal

RE: Southwest Airlines captive portal

Southwest Airlines captive portal

9 matches

Site Navigation

Mail list logo

Footer information