AirPort Blog: September 2006 Archives


September 29, 2006

Apple Adds EAP-FAST Support

If you don't know what EAP-FAST is, you don't need it. Apple's Mac OS X 10.4.8 update includes new support for a Cisco-exclusive method of logging into a wireless local area network. EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) is a replacement for Cisco's LEAP (Lightweight EAP), which is still in use despite extensive documentation of its cryptographic weakness, including exploit software to extract passwords from transmitted data.

EAP methods allow a username and password or other credentials (such as a smart card swipe) to be passed through a wireless or wired gateway to a backend server that checks the validity of the credentials--that the password is valid or the smart card is authorized. Once the credentials are approved, the user trying to gain access is given it. Before then, they're sort of shunted to the side in a way that only allows them to petition for access. This provides a pretty high level of security.

Unfortunately, EAP isn't secured, meaning that any of the data sent via EAP is passed in the clear. Various methods of secured EAP encrypt the authentication part, so that credentials aren't revealed to snoopers. The most widely used form of secured EAP is PEAPv0 (Protected EAP version 0), a method that's found in built-in software in Windows XP SP1 and later and in Mac OS X 10.3 and later. It's also available through free and commercial software for Windows, Linux, and handhelds.

Cisco has a document that describes EAP-FAST and its use, and its limitations.
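To make the point about cleartext EAP concrete, here is an added example (not part of the original post) that parses the RFC 3748 packet header, names the method being negotiated, and flags what an eavesdropper could read. The method type numbers come from the IANA EAP registry rather than from this page, and the sample packets are constructed for illustration.

```python
import struct

# EAP method type numbers (IANA EAP registry; an assumption, not listed in the post).
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP",
             21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
SECURED = {"EAP-TLS", "EAP-TTLS", "PEAP", "EAP-FAST"}  # authentication runs inside TLS
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code, Identifier, Length, then Type and type data."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("length field does not match packet size")
    info = {"code": CODES.get(code, f"code-{code}"), "id": ident,
            "method": None, "cleartext": None, "finding": None}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type byte
        method = EAP_TYPES.get(packet[4], f"type-{packet[4]}")
        data = packet[5:length]
        info["method"] = method
        if method == "Identity" and code == 2:
            # The outer identity is sent before any tunnel exists.
            info["cleartext"] = data.decode("utf-8", "replace")
            info["finding"] = "identity visible to anyone capturing the exchange"
        elif method == "LEAP":
            info["finding"] = "LEAP negotiated: replace with a tunneled method"
        elif method not in SECURED and method != "Identity":
            info["finding"] = "method has no protective tunnel"
    return info

def build(code: int, ident: int, eap_type: int, data: bytes = b"") -> bytes:
    """Helper (hypothetical, for the samples only): assemble an EAP packet."""
    body = bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed sample packets, not captured traffic.
SAMPLES = [
    build(2, 1, 1, b"alice@example.org"),      # Response/Identity
    build(1, 2, 17, b"\x01\x00\x08" + bytes(8)),  # LEAP challenge request
    build(1, 2, 43, b"\x21"),                  # EAP-FAST start
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(parse_eap(pkt))
```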

AirPort Security Updates

Long period of quiet on this blog, I know. The news tends to come in bunches, doesn't it?

The big news of the last few months has been the alleged security flaws uncovered by two researchers. The flaws would allow a network cracker to access a system running Mac OS X (along with some not-yet-identified Wi-Fi adapters used with Windows) by sending particular sets of data that would cause the AirPort driver to crash the Mac, run some code it was sent, or allow a cracker access at a level that no one but a system administrator should have.

There's dispute over whether the researchers provided information to Apple that led to Apple releasing patches last week that fix flaws that sound quite similar. The researchers have not directly stated publicly that they provided enough information to pinpoint the flaws; Apple says explicitly they did not. We'll leave that to whoever needs to figure out credit.

For detailed information on the history of this, you can read my coverage at Wi-Fi Networking News in the Security category.

For the purposes of this AirPort blog, I advise everyone running Mac OS X 10.3 (Panther) or 10.4 (Tiger) to use Software Update to install the appropriate AirPort patches immediately. These patches should make it currently impossible (to the best of Apple's ability to test) to use this entire category of attack to crash or hijack a Mac. Apple says no exploit code was found, but that these patches obviate any future exploitation of this kind.