If you use a VPN, a man named Moxie Marlinspike may have just ruined your day. He has create a piece of software that allows your VPN traffic to be intercepted and decrypted. He announced his new product, which he calls CloudCracker, at the Def Con Hacking conference in Las Vegas this past Saturday. So now anyone with an extra 200 bucks can have a peek at what is being sent along your VPN.
The software alone doesn’t crack you encryption. Once the data is captured it must be sent to Marlinspike and his system will do the decryption and return it to you within 24 hours. At this point in time, Marlinspike says he will not be screening customers to determine whether their intent is honorable or not. His real purpose is to try to encourage software makers to enhance their security.
But before you unplug your computer from the Internet and wipe your hard drive clean, you should know that Marlinspike’s software only works on VPNs that use a point-to-point tunneling protocol. Many companies provide their employees VPN software made by Cisco which is still safe cannot be compromised by CloudCraker.