----- Original Message -----
From: "Michael Renzmann" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, October 03, 2003 6:38 AM
Subject: Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable
> Hi.
>
> Cisco released a security notice [1] in August about possible dictionary
> attacks against their proprietary LEAP (Lightweight Extensible
> Authentication Protocol, used with 802.1x). But according to
> Computerworld [2] it seems that this information has not been spread
> well enough.
>
> In addition, Unstrung yesterday reported [3] about the demonstration of
> a tool that seems to be able to retrieve valid passwords for LEAP
> protected WLANs within "minutes, even seconds". The tool is not
> available yet, but its author (Joshua Wright from Johnson & Wales
> University) announced "that the tool will be generally available in a
> couple of months".
>
> Those of you who are using LEAP to protect their Wireless LAN should
> take care of a proper password policy and change passwords regularly.
> Cisco provides further information on password selection in their
> advisory ("Available Documentation", last paragraph).
>
> Bye, Mike
>
> [1]
>
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080
1aa80f.shtml
> [2]
>
http://www.computerworld.com/mobiletopics/mobile/story/0,10801,85637,00.html
?f=x68
> [3] http://www.unstrung.com/document.asp?doc_id=41185
>
>
--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
