NNSquad - Network Neutrality Squad
[ NNSquad ] Attack against Microsoft scheme puts hundreds of crypto apps at risk
Attack against Microsoft scheme puts hundreds of crypto apps at risk
http://j.mp/NHKPb0 (ars technica)
"Researchers have devised an attack against a Microsoft-developed
authentication scheme that makes it trivial to break the encryption
used by hundreds of anonymity and security services, including the
iPredator virtual private network offered to users of The Pirate Bay.
The attack, unveiled by Moxie Marlinspike and David Hulton, takes on
average just 12 hours to recover the secret key that iPredator and
more than 100 other VPN and wireless products use to encrypt sensitive
data. The technique, which has been folded into Marlinspike's
CloudCracker service, exploits weaknesses in version 2 of a Microsoft
technology known as MS-CHAP, short for Microsoft challenge-handshake
authentication protocol. It's widely used to log users into VPN and
WPA2 networks and is built into a variety of operating systems,
including Windows and Ubuntu."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad