Full Disclosure mailing list archives
Re: Cisco LEAP exploit tool...
From: Chris Adams <chris () improbable org>
Date: Thu, 15 Apr 2004 00:04:24 -0700
On Apr 14, 2004, at 19:43, Aditya, ALD [Aditya Lalit Deshmukh] wrote:
Well, that really depends, doesn't it. We're doing IPSEC using AES for wireless on a test network. It's a good deal more secure than our wirednetwork, which is still plain text.this sure is plain text but when combined with switches ( yes i know they can be degraded to act like hubs ) it is not broadcasting any info. so unless the intruder manages to get a physical wire in the net it is *very* secure
Or gets access to a machine with a physical connection - a very nice way of upgrading from a single compromised client. Picture what would happen if the next email worm included an active password-collection feature.
This issue has become rather repetitive - we've gone through how many different revisions of wireless network security now? All of them have had flaws and those flaws have been more serious than they should have been because everyone was working under the same fundamental misconception that trusting the network is ever a good idea.
Consider how much more secure the average user would be if all of the time wasted on various wireless security systems had instead been spent enabling the strong end-to-end encryption already included in most common services.
Chris
Attachment:
smime.p7s
Description:
Current thread:
- Re: Cisco LEAP exploit tool..., (continued)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: [inbox] Re: Cisco LEAP exploit tool... Curt Purdy (Apr 14)
- Re: [inbox] Re: Cisco LEAP exploit tool... Dave Howe (Apr 14)
- Re: Cisco LEAP exploit tool... mmo (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- Re: Cisco LEAP exploit tool... Paul Schmehl (Apr 14)
- Re: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Aditya, ALD [Aditya Lalit Deshmukh] (Apr 14)
- Re: Cisco LEAP exploit tool... Chris Adams (Apr 15)
- Re: Cisco LEAP exploit tool... mmo (Apr 11)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 14)
- RE: Cisco LEAP exploit tool... Dave Horsfall (Apr 14)
- RE: Cisco LEAP exploit tool... Ron DuFresne (Apr 14)
- RE: Cisco LEAP exploit tool... Jeff Schreiner (Apr 14)
- RE: Cisco LEAP exploit tool... Frank Knobbe (Apr 14)
- RE: Cisco LEAP exploit tool... Byron Copeland (Apr 14)
- Re: Cisco LEAP exploit tool... Valdis . Kletnieks (Apr 15)