Think you are safe using a VPN? Think Again!

Security researcher Moxie Marlinspike has broken the MS-CHAP-V2 (MicroSoft Challenge Handshake Authentication Protocol). You should care about this because this handshake protocol is the backbone of encrypted PPTP VPNs and some WiFi sessions. This essentially means that PPTP VNP is no longer considered secure. Therefore you should no longer trust VPNs and WiFi sessions that are using MS-CHAP-V2 authentication. Sadly, this is nearly all, if not all, PPTP VPN sessions.
The truly scary part of this is that if someone exploits this against your VPN session, not only can they read anything that you transmit between your computer and the server you are connected to, but it also allows the listener to gain your username and password for the session. This would then allow that person to log in to the VPN. Once logged into the network over the VPN they are considered a trusted person on the LAN and are no longer subject to intrusion prevention rules from the firewall. This would make hacking the computers on the network MUCH easier. Read the Full article here: http://threatpost.com/en_us/blogs/new-tool-moxie-marlinspike-cracks-some-crypto-passwords-073012