EvilZone
Other => Found it on the Webs => Topic started by: geXXos on October 28, 2012, 09:14:51 AM
-
I found this article interesting, take a look and if you will, post your opinions.
LINK (http://www.msnbc.msn.com/id/48384431/ns/technology_and_science-tech_and_gadgets/?__utma=14933801.1855384836.1342691355.1343265685.1343644649.10&__utmb=14933801.1.10.1343644649&__utmc=14933801&__utmx=-&__utmz=14933801.1342691355.1.1.utmcsr=%28direct%29|utmccn=%28direct%29|utmcmd=%28none%29&__utmv=14933801.|8=Earned%20By=msnbc|cover=1^12=Landing%20Content=Mixed=1^13=Landing%20Hostname=www.nbcnews.com=1^30=Visit%20Type%20to%20Content=Earned%20to%20Mixed=1&__utmk=174094754)
-
"What we're trying to do is force people to use more secure VPN technology in the products they are building," he said.
I think that sums it up pretty well. This is also something for people to take into consideration when they think they are being anonymous on the net. Watch your backs.
-
Yes indeed
Marlinspike said he developed the service, CloudCracker.com, by taking advantage of a vulnerability he discovered in a widely used virtual private network technology known as point-to-point tunneling protocol
I found this http://www.schneier.com/paper-pptpv2.html
The PPTP protocol is old and has a poorly designed authentication handshake in MS-CHAPv2, he said. "We found we can reduce the security of the protocol to a single DES encryption
Source: http://news.cnet.com/8301-1009_3-57481855-83/tools-boast-easy-cracking-of-microsoft-crypto-for-businesses/
CloudCracker's MS-CHAPv2 dictionary represented the entire address space of the Data Encryption Standard (DES), one of the most popular encryption algorithms containing 72,057,594,037,927,936 options.
Source: http://www.scmagazine.com.au/News/310252,defcon-marlinspike-expands-cloudcracker.aspx
So i think A flaw in the handshake allows the password to be bruteforced. Advances in computing means it became more feasable and now we have a cloud service to do it in 24 hours at a fair price.