[ISN] LEAP attack tool author says he wants to alert users to risks

From: InfoSec News (isn@private)
Date: Sun Oct 19 2003 - 22:24:01 PDT

    Forwarded from: William Knowles <wk@private>
    
    http://www.computerworld.com/securitytopics/security/story/0,10801,86187,00.html
    
    Story by Bob Brewin
    OCTOBER 17, 2003
    COMPUTERWORLD 
    
    Joshua Wright, the systems engineer who created a tool that targets
    wireless LANs protected by Cisco Systems Inc.'s Lightweight Extensible
    Authentication Protocol (LEAP), said he did so to demonstrate the ease
    with which dictionary attacks against the protocol can crack user
    passwords.
    
    Wright said Cisco users should "be aware of the risks that exist by
    using the LEAP protocol." He said he plans to release the attack tool,
    which he has dubbed ASLEAP, in February, although he declined to say
    how he would make it available.
    
    The tool uses a challenge-and-response methodology built into LEAP to
    obtain the information needed to mount a dictionary attack, according
    to Wright. He then uses a 100GB electronic dictionary that includes
    every word in various languages to discover passwords, a process that
    Wright said can be done in a matter of seconds.
    
    The dictionary also includes common permutations that end users and IT
    managers use in their attempts to make passwords attack-proof, such as
    substituting the number zero for the letter O. Wright, who emphasized
    that his work on ASLEAP has nothing to do with his job at Johnson &
    Wales College in Providence, R.I., said he told Cisco about the
    Linux-based attack tool during the summer.
    
    Cisco subsequently posted a notice on its Web site about the threat to
    LEAP. Ron Seide, product line manager at Cisco's wireless business
    unit, said that when Wright releases ASLEAP and the threats "move to a
    higher level," the company will be quick to inform users of the
    protocol.
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Oct 20 2003 - 01:08:08 PDT