"Comcast?s Xfinity wireless hotspots present a Web page for login that requests a customer?s account ID and password, and each time you connec t to a new hotspot it re-authenticates you. But if you?ve connected once during the day, the hotspot remembers your device and reconnects you without prompting.
"That means that if someone were to set up a malicious Wi-Fi access point called ?xfinitywifi,? devices that have connected to Xfinity? s network before could automatically connect without alerting the user or asking for the password. "
Would that WAP have zero security? If you were set to deliver your Xfinity account's ID and password, how would it know to connect you?
Or is it the point that it would capture your Xfinity account's ID and password and tell you, "Sorry, cannot connect" or something??