A flaw which has the potential to expose 802.1X wireless credentials by
way of a malicious app has been discovered in some HTC builds of Android[1].

The campus-wide wireless network "UVM" uses 802.1X for access control,
and many devices are likely to store NetID credentials for use with that
network; those credentials may be at risk of exposure. Users of
Android-enabled HTC devices should visit HTC support[2] for assistance
in obtaining and installing code updates to mitigate the exposure.

If you or your constituents use HTC Android devices, visit the US-CERT
bulletin[1] for a list of those confirmed to be affected.


Cheers,

-sth

[1]http://www.kb.cert.org/vuls/id/763355
[2]http://www.htc.com/www/help

--
Sam Hooker | [log in to unmask]
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont