of Mac and Men
Alexander Clouter
alex at digriz.org.uk
Fri Apr 10 00:04:40 CEST 2009
Arran Cudbard-Bell <a.cudbard-bell at sussex.ac.uk> wrote:
>
> Paul Bartell wrote:
>> Right. It's better to give crackers less information versus more.
>> so others do not get login credentials. Though, if certificates
>> were properly implemented, there would be mutual authentication
>
> Exactly. The only attacks I know of that can be easily implemented
> rely on administrator/user ignorance/stupidity.
>
> For example some administrators tell users to explicitly uncheck the
> 'Validate Server Certificate' check box in their supplicants (I've
> actually seen this in eduroam documentation *shudder*). The result
> (depending on the EAP method used) is that when an attacker comes
> along with an AP broadcasting the same SSID as trusted wireless
> infrastructure, users (or their supplicant software) hand credentials
> over no questions asked.
>
Yeah, do a suitable[1] Google hack against 'ac.uk' and I wish we drank a
lot more beer at Networkshop.
Sigh. :-/
[1] I'll leave it as an exercise to the reader to work out how to build
their own 'suitable' query
--
Alexander Clouter
.sigmonster says: You are as I am with You.
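The failure mode Arran describes (server certificate validation switched off, so a rogue AP with the right SSID can harvest credentials through the EAP tunnel) shows up in supplicant configuration as a missing CA pin and a missing server-name check. The following is an added example, not code from the thread or from the FreeRADIUS project: a small audit of a constructed wpa_supplicant.conf that flags EAP network blocks with that weakness and shows the hardened block beside it. The directive names (`ca_cert`, `domain_suffix_match`, `domain_match`, `altsubject_match`, `eap`, `key_mgmt`, `phase2`) are real wpa_supplicant options; the SSID, identity, password, certificate path and RADIUS host name are made-up sample values, and the `audit_*` functions are my own.

```python
import re

# Constructed sample wpa_supplicant.conf. The first block mirrors the
# "uncheck Validate Server Certificate" advice quoted above: no CA pinned,
# no server-name check. The second block is the hardened equivalent.
SAMPLE_CONF = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.ac.uk"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.ac.uk"
    password="hunter2"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-idp-ca.pem"
    domain_suffix_match="radius.example.ac.uk"
}
"""

# wpa_supplicant network blocks are flat (no nested braces), so a
# non-greedy match up to the first closing brace is sufficient.
BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)

# EAP methods that carry an inner credential inside a TLS tunnel; if the
# tunnel endpoint is not verified, the inner credential goes to whoever
# answers the association.
TUNNELLED_EAP = {"PEAP", "TTLS", "FAST"}


def parse_networks(text):
    """Return one dict per network={...} block, mapping key -> value (quotes stripped)."""
    networks = []
    for body in BLOCK_RE.findall(text):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip().strip('"')
        networks.append(entry)
    return networks


def audit_network(net):
    """Return a list of findings for one network block; an empty list means OK."""
    findings = []
    if net.get("key_mgmt") != "WPA-EAP":
        return findings  # not 802.1X, nothing to check here
    eap = net.get("eap", "").upper()
    if eap in TUNNELLED_EAP or eap == "TLS":
        if "ca_cert" not in net:
            findings.append("no ca_cert: any server certificate is accepted")
        if not ({"domain_suffix_match", "domain_match", "altsubject_match"} & net.keys()):
            findings.append("no server name check: any certificate from the CA is accepted")
    if eap in TUNNELLED_EAP and "password" in net and "ca_cert" not in net:
        findings.append("inner password is sent through an unvalidated tunnel")
    return findings


def audit_conf(text):
    """Audit every network block; returns [(ssid, findings), ...] in file order."""
    return [(net.get("ssid", "?"), audit_network(net)) for net in parse_networks(text)]


if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF):
        status = "OK" if not findings else "WEAK"
        print(f"{ssid}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Pinning `ca_cert` alone is not enough when the CA is a public one: any certificate that CA has issued would pass, which is why the hardened block also carries `domain_suffix_match`. Run the script against a real configuration by replacing `SAMPLE_CONF` with the file contents; blocks using WPA-PSK or open networks are skipped.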