MS-CHAPv2 Hacked, Dropbox Breached, and Routers Rooted
Last week’s video highlighted the presentations I saw at Blackhat and DEF CON this year. However, that was just a tiny glimpse into all the interesting security talks given at these popular conferences. This week, I share a few more conference highlights, including talks about problems with the authentication protocol used for PPTP VPNs, and some vulnerabilities in routers from a Chinese manufacturer.
I also cover the regular security news from the week, including an advisory about some unpatched Exchange vulnerabilities, news of a Dropbox breach, and a story about how one French company seems to be trolling Anonymous. While some of the stories are just fun and interesting, others have significant implications on your network security. If you use PPTP VPNs or WPA2 Enterprise wireless authentication, be sure to watch the video below, and learn how to avoid future attacks.
If you want to read more details about any of these stories, check out the Reference section below. Thanks for watching.
(Episode Runtime: 9:04)
Direct YouTube Link: http://www.youtube.com/watch?v=Ayf-DmOwO28
Episode References:
- Blackhat/DEF CON Updates
- Moxie Marlinspike’s blog post on MS-CHAPv2 weakness – CloudCracker blog
- UPDATE: It appears WPA2 Enterprise PEAP authentication isn’t affected – Network World
- Researchers disclose many vulnerabilities in Huawei routers – ComputerWorld
- Huawei responds to router vulnerability allegations – CRN
- MS Exchange suffers from Oracle Outside In vulnerabilities – Microsoft
- Dropbox confirms security breach – Dropbox Blog
- French Firm tries to trademark Anonymous Logo – BBC News
- Facebook SEC filings include details about fake and malicious accounts – SEC
- Infographic on Facebook fake accounts – Naked Security Blog