Disclaimer: This is intended more or less for the security "wonks"(myself included
) on PS.com, and well, anyone else interested in this area.
In summary, MS-CHAPv2, a popular authentication mechanism used in an even more popular remote access solution, PPTP based VPN's, is officially broken. Using purpose built hardware and/or distributed computing, brute forcing the keys used for DES operations in the encryption scheme, which is also used to derive the session keys used to secure the tunnel, hence rendering the entire tunnel insecure, is trivial.
https://www.cloudcracker.com/blog/20...ng-ms-chap-v2/
In other news, the NSA went to Defcon[1]....I wonder how "spot-the-Fed"[2] went.
[1]
http://www.computerworld.com/s/artic...ing_cyberspace
[2]
http://www.zdnet.com/news/def-cons-s...the-fed/102697
Linear Mode
