Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking Encryption Security Hardware

Cisco's LEAP Authentication Cracked 162

Posted by CowboyNeal from the cisco's-bad-week dept.
mtrisk writes "Just a day after Cisco released a security warning about its WLSE access point management tool, a tool to crack wi-fi networks using LEAP authentication has been released, reports Wi-Fi Networking News. The tool, called Asleap and developed by Beyond-Security, actively de-authenticates users, sniffs the network when the user re-auntheticates, and performs an offline dictionary attack upon the password."
This discussion has been archived. No new comments can be posted.

Cisco's LEAP Authentication Cracked More

Cisco's LEAP Authentication Cracked

Comments Filter:

  • When it rains, it pours... (Score:5, Funny)

    by bfg9000 ( 726447 ) on Saturday April 10, 2004 @11:49AM (#8824780) Homepage Journal
    What are these guys, the Microsoft of hardware?

  • Re:When it rains, it pours... (Score:5, Funny)

    by PoopJuggler ( 688445 ) on Saturday April 10, 2004 @11:51AM (#8824793)
    Wouldnt that make them Microhard?

  • Yeah but, don't worry. (Score:5, Funny)

    by FreeLinux ( 555387 ) on Saturday April 10, 2004 @11:52AM (#8824799)
    Because if you are using a Cisco network it is self-defending, self-securing and self-healing. No, really. I saw it on TV.

    They had this little girl on the computer and she like, downloaded a worm. But, the network saw it and popped up a message on her screan that the worm was there. Then it said that it was like, isolating the worm and everything. Then it like, popped up another message that said the worm had been destroyed. It was like, way cool and I didn't even know that Cisco like, made antivirus software.

    Of course the above is a joke but, what is not funny is that the television advertisement is well done and likely to be very influential to the typical PHB who will buy it hook, line and sinker.

  • I don't feel safe... (Score:5, Funny)

    by cdavies ( 769941 ) on Saturday April 10, 2004 @11:59AM (#8824851) Homepage
    .. with my Open System Wireless, with MAC address access control, but at least my intruders will be using a better class of operating system, on which you can easily spoof MACs.

    Script kiddies using canned cracks on me from Windows machines would just make me feel dirty.

  • Re:Yeah but, don't worry. (Score:5, Funny)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday April 10, 2004 @12:00PM (#8824860) Homepage Journal
    And like, the router was like BEEP BEEP BEEP BEEP and then it crashed, it was a really good config too.

  • Re:dictionary attack? (Score:4, Funny)

    by Anonymous Coward on Saturday April 10, 2004 @12:05PM (#8824873)
    Yeah, let me tell you, a dictionary attack WILL break a cisco router in seconds, every time.

    Of course, not just any dictionary will do: you need a dictionary with not only simple English words, but with long definitions and even off-beat, obsolete words.

    Routers are quiet small in the scheme of things, and they really can't stand up to a quick beating by, let's say the Oxford English dictionary, especially if the router is opened up and the electronics are exposed. No, those little dictionaries you get with a subscription to Time magazine won't do (after all, Time's vocabulary is pretty light-weight to begin with).

    However, a quality rack-mounted cisco router will likely be protected in a secure data center or other secure closet. in that case, you'll have to take all the words in the dictionary and hash them up. And if the users aren't dumb, they'll pick tough passwords. It can take many years (or even decades) to successfully attack quality passwords.

    I think the physical dictionary attack is the easier approach. Unless you permit your users to choose stupid passwords (like mine: "17Trees")

  • Re:Yeah but, don't worry. (Score:1, Funny)

    by Anonymous Coward on Saturday April 10, 2004 @12:16PM (#8824916)
    They should have used Ti-Kwan-Leep authentication.

    Hey Cisco, Boot to the Head! [beagleweb.com]

  • Re:Cool. Now there's a laugh (Score:4, Funny)

    by AKnightCowboy ( 608632 ) on Saturday April 10, 2004 @01:26PM (#8825335)
    I think I know where you used to work, unless the company I used to work for did the same thing =P

    Woh, imagine that! Two different companies using wireless products from Cisco. What are the odds of that!?

  • Re:dictionary attack? (Score:1, Funny)

    by Anonymous Coward on Saturday April 10, 2004 @01:31PM (#8825380)
    Unless you permit your users to choose stupid passwords (like mine: "17Trees")
    d00d, ur box is r00t3d. I'm in 127.0.0.1 n0w. Start crying, time to rm -fR /.

  • Re:Cool. Now there's a laugh (Score:2, Funny)

    by BlackHorse ( 671909 ) on Saturday April 10, 2004 @01:36PM (#8825414)
    I meant a "major" company "just" rolling out Cisco wireless to "all" locations.

Slashdot Top Deals

Beware of Programmers who carry screwdrivers. -- Leonard Brandwein

Close