A flaw which has the potential to expose 802.1X wireless credentials by
way of a malicious app has been discovered in some HTC builds of Android.
The campus-wide wireless network "UVM" uses 802.1X for access control,
and many devices are likely to store NetID credentials for use with that
network; those credentials may be at risk of exposure. Users of
Android-enabled HTC devices should visit HTC support for assistance
in obtaining and installing code updates to mitigate the exposure.
If you or your constituents use HTC Android devices, visit the US-CERT
bulletin for a list of those confirmed to be affected.
Sam Hooker | [log in to unmask]
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont