[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [inbox] Re: [Full-Disclosure] Cisco LEAP exploit tool...

To: "Email List: Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [inbox] Re: [Full-Disclosure] Cisco LEAP exploit tool...
From: "Dave Howe" <DaveHowe@xxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Apr 2004 16:19:14 +0100

Curt Purdy wrote:
> Agreed.  If the packets/hashes can be accessed it can be compromised.
> "Unbreakable" has been touted from the 48-bit Netscape encryption
> that took USC's distributed network a week to crack, to Oracle 9i
> that took one day to compromise, I believe.
You are preaching to the choir there - however, my boss is preferring to
believe the consultant's claims that the 10 minute key cycle (communicated
by TLS) makes the system unbreakable.... so it doesn't need to be on a DMZ
and can work "just like they were on the lan"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Cisco LEAP exploit tool...
  - From: mmo

References:
- RE: [inbox] Re: [Full-Disclosure] Cisco LEAP exploit tool...
  - From: Curt Purdy

Prev by Date: [Full-Disclosure] 1 patch for 1 vulnerabiliy for Linux and BSD? gunna try and sell us a bridge now too?
Next by Date: [Full-Disclosure] [OpenPKG-SA-2004.013] OpenPKG Security Advisory (cvs)
Previous by thread: RE: [inbox] Re: [Full-Disclosure] Cisco LEAP exploit tool...
Next by thread: Re: [Full-Disclosure] Cisco LEAP exploit tool...
Index(es):
- Date
- Thread