| ]

[ Updated : Added  "10 Common Mistakes of Incident Responders" at the bottom]

The following post will brake one major rule I adhere to  when blogging, a post shall have not more than 10% of content that is not authored by myself. The content of this post resonated so well with me however that I decided to make an exception.

The following is attributed to Alit-Reza Anghaie a.k.a Packetknife.com. For those of you in similar situations I can only warmly recommend to consider and follow the advice. The emphasis is mine.

[Start of Excerpt] 
Alit-Reza Anghaie
I've had a fairly long and quite unintentional career in InfoSec ranging from Academic to Entertainment to Defense. Along the way a lot of mistakes were made or observed. This post marks the first in many installments to share lack of foresight turned into a graying face ghillie.

I'm not quite sure of the right format but I'm going with a Top Twenty - so I'll keep on the biggest pain points as I see them.

| ]


A post within the "straight to the meat" category :

There was a talk at Defcon 20 entitled "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2", by Moxie and David Hulton - the talk announced the implementation of a tool that reduced the security of MS-CHAPv2 to the strength of a single DES encryption.

This post gives a quick rundown with references on what you need to know, enjoy - Thierry




History :
1999 - Bruce Schneier and Mudge document the vulnerability [2]
2011 - Sogeti releases POC performing the same attack against MS-CHAPv2 [4]
2012 - Defcon Talk detailing the flaw and  release of SAAS to crack the key within 23hours [3]