Cisco's LEAP Authentication Cracked
mtrisk writes "Just a day after Cisco released a security warning about its WLSE access point management tool, a tool to crack wi-fi networks using LEAP authentication has been released, reports Wi-Fi Networking News. The tool, called Asleap and developed by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-authenticates, and performs an offline dictionary attack upon the password."
When it rains, it pours... (Score:5, Funny)
Re:When it rains, it pours... (Score:5, Funny)
Yeah but, don't worry. (Score:5, Funny)
They had this little girl on the computer and she like, downloaded a worm. But, the network saw it and popped up a message on her screen that the worm was there. Then it said that it was like, isolating the worm and everything. Then it like, popped up another message that said the worm had been destroyed. It was like, way cool and I didn't even know that Cisco like, made antivirus software.
Of course the above is a joke, but what is not funny is that the television advertisement is well done and likely to be very influential to the typical PHB who will buy it hook, line and sinker.
I don't feel safe... (Score:5, Funny)
Script kiddies using canned cracks on me from Windows machines would just make me feel dirty.
Re:Yeah but, don't worry. (Score:5, Funny)
Re:dictionary attack? (Score:4, Funny)
Of course, not just any dictionary will do: you need a dictionary with not only simple English words, but with long definitions and even off-beat, obsolete words.
Routers are quite small in the scheme of things, and they really can't stand up to a quick beating by, let's say the Oxford English dictionary, especially if the router is opened up and the electronics are exposed. No, those little dictionaries you get with a subscription to Time magazine won't do (after all, Time's vocabulary is pretty light-weight to begin with).
However, a quality rack-mounted Cisco router will likely be protected in a secure data center or other secure closet. In that case, you'll have to take all the words in the dictionary and hash them up. And if the users aren't dumb, they'll pick tough passwords. It can take many years (or even decades) to successfully attack quality passwords.
I think the physical dictionary attack is the easier approach. Unless you permit your users to choose stupid passwords (like mine: "17Trees")
Re:Yeah but, don't worry. (Score:1, Funny)
Hey Cisco, Boot to the Head! [beagleweb.com]
Re:Cool. Now there's a laugh (Score:4, Funny)
Woh, imagine that! Two different companies using wireless products from Cisco. What are the odds of that!?
Re:dictionary attack? (Score:1, Funny)
Re:Cool. Now there's a laugh (Score:2, Funny)