of Mac and Men
Paul Bartell
paul.bartell at gmail.com
Thu Apr 9 22:15:15 CEST 2009
I'm aware of an attack on a bank which had implemented EAP, and had
fun when a Pen tester was simply getting domain login credentials
without having to work much at all.
Could you maybe provide a rebuttal for this attack, and/or explain how
to make it especially secure?
On Tue, Apr 7, 2009 at 8:28 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Arran Cudbard-Bell wrote:
>> Ohh are you referring to the scaremongering 'The Register' was doing
>> last year? Because of course, anyone with a hacked copy of FreeRADIUS
> can steal all your users' credentials!
>
> Unfortunately, people read his column, and believe him. They might
> also believe that he actually writes his own material.
>
> Alan DeKok.
--
Random quote of the week/month/whenever I get to updating it:
"Opportunity knocked. My doorman threw him out." - Adrienne Gusoff
"At school you don't get parole, good behavior only brings a longer
sentence." - The History Boys