Hacker can unscramble coded Web traffic for $200

[geXXos]

I found this article interesting, take a look and if you will, post your opinions.


LINK

[lucid]

"What we're trying to do is force people to use more secure VPN technology in the products they are building," he said.

I think that sums it up pretty well. This is also something for people to take into consideration when they think they are being anonymous on the net. Watch your backs.

[geXXos]

Yes indeed

Marlinspike said he developed the service, CloudCracker.com, by taking advantage of a vulnerability he discovered in a widely used virtual private network technology known as point-to-point tunneling protocol

I found this http://www.schneier.com/paper-pptpv2.html

The PPTP protocol is old and has a poorly designed authentication handshake in MS-CHAPv2, he said. "We found we can reduce the security of the protocol to a single DES encryption

Source: http://news.cnet.com/8301-1009_3-57481855-83/tools-boast-easy-cracking-of-microsoft-crypto-for-businesses/

CloudCracker's MS-CHAPv2 dictionary represented the entire address space of the Data Encryption Standard (DES), one of the most popular encryption algorithms containing 72,057,594,037,927,936 options.

Source: http://www.scmagazine.com.au/News/310252,defcon-marlinspike-expands-cloudcracker.aspx

So i think A flaw in the handshake allows the password to be bruteforced. Advances in computing means it became more feasable and now we have a cloud service to do it in 24 hours at a fair price.