I saw the demo at Defcon last summer, apparently now the tool for cracking Cisco LEAP has been released. There’s been a lot of work on replacing WEP in the standard 802.11 stack with a more secure and infrastructure friendly system. Cisco LEAP was one of the contenders, apparently it didn’t fare too well. However, based on the presentations at Defcon, none of the offerings were doing very well. Tools like Kismet (for detecting networks) and AirSnort (for cracking WEP) have been around for a long time. So the existence of tools like this isn’t really surprizing. The interesting part is that WEP needs to be replaced cause it was insecure, and the replacements have ended up displaying major issues as well. General opinion is that most vendors saw a potential market advantage in being the first mover for implementing a replacement. So all these equiptment vendors raced off to fill the void without performing any sort of diligence, and now they’re getting spanked in the market cause their replacements are crap. Sure, it’s hard to get security right. But this time the problem seems to be just pure greed. Everyone jumped in before they were really ready.