2012-08-05 Sun
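■ The last day of PPTP [windows]
PPTP has long been criticized for its vulnerabilities, and it has finally reached its last day.
At Defcon 20 (see below), it was even stated outright that "PPTP traffic should be considered unencrypted."
If you are using PPTP, please migrate to a different, secure protocol right away.
The fragility of Microsoft's security is impressive, as always.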
https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807
Moxie Marlinspike and David Hulton gave a talk at Defcon 20 on a presentation on cracking MS-CHAPv2 with 100% success rate. This protocol is still very much in use with PPTP VPNs, and WPA2 Enterprise environments for authentication.
Moxie's recommendations [1]:
1- All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.
2- Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.
Knowing that MS-CHAPv2 can now be cracked, what alternatives are you considering to secure your now insecure communications? The two alternatives suggested by Moxie are "[...] OpenVPN configuration, or IPSEC in certificate rather than PSK mode."
Last updated: 2024-11-21 17:03