[pptp-server] Re: [pptp-server] Re: [pptp-server] Security ?

Hamilton Hoover hamilton at twopoint.com
Tue Jun 22 11:40:17 CDT 1999


I stand corrected. I think it very important that the exact nature of
this bug be disclosed. For those running MS PPTP, they have a very very
serious possibility of a breach. For what I can make of the press
release and faq page is that the security hazard is limited to only
machine implementing MS PPTP. And that the problem itself is not within
PPTP but the way that MS PPTP encryption. For those running PPTP on
other flavors there is no suggestion that the encryption flaw that MS
has caries over.

1. What did Bruce Schneier and Mudge actually do?
They found security flaws in Microsoft PPTP that allow attacks to sniff
passwords across the network, break the encryption scheme and read
confidential data, and
mount denial of service attacks against PPTP servers. They did not find
flaws in PPTP, only in Microsoft's implementation of it.

I assumed from the statement below that the problem was limited to the
server. After review I retract that statement.

2. What is PPTP?
PPTP stands for point-to-point tunneling protocol. It is an Internet
protocol commonly used in Virtual Private Network (VPN) products.
Windows NT supports
PPTP server, and both Windows NT and Windows 95 support PPTP client.

I'd love to hear more ideas and find out more about this problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/19990622/3c5fa7b6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hamilton.vcf
Type: text/x-vcard
Size: 384 bytes
Desc: Card for Hamilton Hoover
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/19990622/3c5fa7b6/attachment.vcf>


More information about the pptp-server mailing list