On a recent flight I discovered I couldn't complete payment through PayPal
because my web browsers properly noticed that the Southwest Airlines SSL
certificate that the captive portal was giving for PayPal didn't match up.
=) I had to create an exception for PayPal just to complete payment.
On a recent flight I discovered I couldn't complete payment through PayPal
because my web browsers properly noticed that the Southwest Airlines SSL
certificate that the captive portal was giving for PayPal didn't match up.
=) I had to create an exception for PayPal just to complete payment.
Frank
I think it is PayPal you should be contacting instead.
PayPal User Agreement requires that you maintain adequate security of
your account credentials, and immediately notify PayPal that your
password has been compromised.
1.6 Password Security and Keeping Your Email and Address Current. You are responsible for maintaining adequate security and control of any and all IDs, passwords, personal identification numbers (PINs), or any other codes that you use to access the Services.
...
12.2 Notification Requirements.
You should immediately notify PayPal if you believe:
there has been an unauthorized transaction or unauthorized access to your Account;
there is an error in your Account Profile or activity or transaction confirmation sent to you by email;
your password or PIN has been compromised;
Perhaps not a captive portal but a TLS accelerator that is sometimes used
in satellite connections, that does act as MITM like corporate security
products but with a performance focus.
Since many commonly used web properties are moving to HSTS + HPKP + CT it
will become increasingly difficult to balance performance and security in
high latency connections, but when it comes to a payment gateway, that
airline should probably turn off acceleration for paypal.com and 3-D Secure
bank pages.
I was MITMed, but not maliciously, but by Southwest Airline’s system (which uses Row44). The site doesn’t have to be pinned for a browser to throw up a warning about the SSL certificate not matching the URL.