Here's a nice, detailed review of Moxie Marlinspike's NT hash cracking service. You send them a "token" derived from a captured NT hash, and for $200 charged to your credit card, they'll send you a DES key which collides with the "original" key to produce the captured hash.
In the article, they go through the process of using arpspoof to capture an iPhone's VPN connection and then using Marlinspike's service to obtain a collision key to subvert the PPTP VPN connection. The review provides a clear description of how to go through the process and effectively makes the point that using PPTP is a very bad idea these days.
However, to me the really interesting part is that the article is something of a review of Marlinspike's service, and ends up being a mixed review. It's a mixed review not because the service doesn't work, but because the customer service is lacking in niceties - not enough hand-holding and no credit card receipt! This is an online key cracking service that can be used for very malicious purposes, and the review is dinging them the way most people would ding Sears. In other words, hacking ... compromising cryptographic authentication systems ... is starting to become a retail service!
I'm waiting for the Consumer Reports review.