Arran Cudbard-Bell <a.cudbard-bell@sussex.ac.uk> wrote:
Paul Bartell wrote:
Right. Its better to give crackers less information versus more. so others do not get login credentials. Though, if certificates were properly implemented, there would be mutual authentication
Exactly. The only attacks I know of that can be easily implemented rely on administrator/user ignorance/stupidity.
For example some administrators tell users to explicitly uncheck the 'Validate Server Certificate' check box in their supplicants (i've actually seen this in eduroam documentation *shudder*). The result (depending on the EAP method used) is that when an attacker comes along with an AP broadcasting the same SSID as trusted wireless infrastructure, users (or their supplicant software) hand credentials over no questions asked.
Yeah, do a suitable[1] Google hack against 'ac.uk' and I wish we drank a lot more beer at Networkshop. Sigh. :-/ [1] I'll leave it as an exercise to the reader to work out how to build their own 'suitable' query -- Alexander Clouter .sigmonster says: You are as I am with You.