Slashdot Mirror

← Back to Stories (view on slashdot.org)

WEP And PPTP Password Crackers Released

Posted by timothy on from the be-worried dept.

Jacco de Leeuw writes "SecurityFocus published an article by Michael Ossmann that discusses the new generation of WEP cracking tools for 802.11 wireless networks. These are much faster as they perform passive statistical analysis. In many cases, a WEP key can be determined in minutes or even seconds. For those who have switched to PPTP for securing their wireless nets: Joshua Wright released a new version of his Cisco LEAP cracker called Asleap which can now also recover weak PPTP passwords. Both LEAP and PPTP employ MS-CHAPv2 authentication." Update: 12/22 00:14 GMT by T : Michael Ossmann wrote to point out his last name has two Ns, rather than one.

2 of 244 comments (clear)

  1. Some thoughts on Wireless and Security by Raindeer · · Score: 4, Insightful

    Well, I wrote some thoughts on Wireless and Security in my blog which I now copy here.

    # setting up secure connections is too difficult for the lay person. We need standard Diffie-Helman key exchanges. I saw on the internet that it is available on some access points, but it just should be the standard of the IEEE. As far as I could find with Google it isn't yet. I can't understand why.

    # Securing accesspoints should be mandatory. There are too many open access points available. There is no use for anonymous connections over a random family's access point, it only endangers them into being seen as cybercriminals.

    # If people want to make it possible for neighbours and strangers to make use of their access point it should be done in the same way hotspots are now available at airports and Starbucks. Make it possible to extend the official network of the ISP to a users access point. This way if I open up my laptop and there is an access point available of Joe User, I can only hook up to it by propperly logging in to the ISP's network or use the airport/credit card system. This will require many roaming agreements etc, but it would bring security and convenience at the same time. It should be done in such a way that the person opening up his network in this way can throttle the speed of the guest users and/or the times they can access. So I would like to see a rule like "Guests can only connect when I am not connecting" or "Guests only get 1mbit/sec".

    --
    Use Adsense for Charity
  2. Re:Feasibility of dictionary attacks no protocol f by amorsen · · Score: 4, Insightful
    Every communication which uses passwords for authentication is susceptible to dictionary attacks

    But the good ones only allow online dictionary attacts. LEAP, PPTP, WEP, and unfortunately WPA all allow offline attacks.

    --
    Finally! A year of moderation! Ready for 2019?