[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.

> On 17 Feb 2016, at 3:59 AM, David Illsley <[email protected]> wrote:
> I'm interested in the Sandboxing point in section 4. I understand these to be designed as a pro-user security feature. In general I don't trust random network devices in hotels so I'll use a VPN. That leaves me open to malware attacks from the captive portal [1]. Deciding to put captive portals into a more-restrictive-than-usual sandbox then seems reasonable to me.
> Can you explain the problems caused by sandboxing (I don't think I've ever experienced them)?

AIUI, some captive portals want access to the users' normal cookies; e.g., to log into Facebook to authenticate the user (yeah, I know...). Also, I understand that some captive portal sandboxes don't allow some browser features like video playback, and some captive portals feel that they need this functionality. 


> David
> [1] http://www.wired.com/2014/11/darkhotel-malware/

Mark Nottingham   https://www.mnot.net/