PPTP hack leaves corporate VPNs wide open

30 Jul 12 20:36 by in category Computers

Moxie Marlinspike who specialises in cryptology has released tools at the recent DEF CON 20 hacking conference that can crack WPA2 and the VPN passwords used by corporate networks. The tools target a weakness in Microsoft’s MS-CHAPv2 protocol, which the widely used the Point to Point Tunnelling Protocol (PPTP) uses for authentication purposes.

One of Moxie’s programs, ‘ChapCrack’ targets MS-CHAPv2 handshakes and Secure Socket Layer (SSL) communications to generate a key that can be fed to another program dubbed ‘CloudCracker’ which runs on super computer utilising customised hardware.

In less than a day CloudCracker generates another key which can then be fed back into ChapCrack enabling ChapCrack to break the Data Encryption Standard (DES) codes.

All traffic across the compromised WiFi network is then visible to the hackers including passwords, emails and other confidential information.

PPTP has until now remained popular due to its backwards compatibility with Windows XP systems. Perhaps now this will change.

Computer World also reports on this here.

3 Comments on PPTP hack leaves corporate VPNs wide open

ChristineBCW
Posts: 1351
Posted on: 30 Jul 12 21:46
Boy, sure glad we stopped using FILETOPIA and DCC++ about 7 years ago!
Mr. Belvedere
Posts: 18850
Posted on: 30 Jul 12 23:10
Quote:
One of Moxie’s programs, ‘ChapCrack’ targets MS-CHAPv2 handshakes and Secure Socket Layer (SSL) communications to generate a key
Hmm... scary.

Quote:
that can be fed to another program dubbed ‘CloudCracker’ which runs on super computer utilising customised hardware.
Hmm... not so scary.

Quote:
In less than a day CloudCracker generates another key
But on what kind of super computer?

Quote:
which can then be fed back into ChapCrack enabling ChapCrack to break the Data Encryption Standard (DES) codes.
Scary.


I'm not sure what to think of this...
RTV71
Posts: 221
Posted on: 01 Aug 12 17:31
OpenVPN supports WinXP (and most everything else).
Tell us, what do you think about

PPTP hack leaves corporate VPNs wide open

Most popular headlines

Windows Blue to allow boot to desktop and brings start menu back? (3)

  • Tue 16 Apr 16:12 by DoMiN8ToR
  • Software, Windows 8

The upcoming update of Windows 8 might allow users to boot to the desktop again.

Jobs in US entertainment industry on all-time high - piracy?! (8)

The number of jobs in the film and music industry in the United States has increased despite the claimed negative effects of illegal downloads.

The Piratebay domain moves to Greenland - circumvents blockade (3)

The PirateBay has moved to the domain thepiratebay.gl in fear that their previous domain would be ceased by Swedish authorities

Intel 9 series chipset has native SATA Express (SATA over PCIe) support (2)

A Chinese tech site has posted a picture that reveals details on Intel's 9 series chipset.

See all headlines

Active Commenters