A flaw in a popular VPN technology could allow hackers to obtain a text version of encrypted communications with only "moderate effort," a tech security body has warned.
Britain's national emergency response team, the National Infrastructure Security Coordination Centre, issued a warning this week about the safety of virtual private networks that use IPsec encryption and tunneling to connect remote workers to corporate networks.
The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported. This could ultimately expose this data to an unauthorized third party.
On its Web site, NISCC stated: "By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner (encrypted) packet?If these messages can be intercepted by an attacker, then plaintext data is revealed."
The NISCC includes a number of solutions to this issue in its advisory.
Not much detail in this report - it implies that All IPsec is at risk despite the numerous implementations and protocols available. I find it hard to believe that this flaw affects all vendors. So where is the real story?.
If you read the NISCC advisory, you'll see this only applies to ESP packets that don't have an accompanying integrity check such as MD5 or SHA-1. I haven't seen any IPsec device that doesn't make use of integrity checks, but there are probably poorly designed implementations out there that make this mistake.
I would say that if you see MD5 or SHA-1 in your IPsec policy then you have nothing to worry about.
Not much detail in this report - it implies that All IPsec is at risk despite the numerous implementations and protocols available. I find it hard to believe that this flaw affects all vendors. So where is the real story?.
If you read the NISCC advisory, you'll see this only applies to ESP packets that don't have an accompanying integrity check such as MD5 or SHA-1. I haven't seen any IPsec device that doesn't make use of integrity checks, but there are probably poorly designed implementations out there that make this mistake.
I would say that if you see MD5 or SHA-1 in your IPsec policy then you have nothing to worry about.
there is no story. The substance of the warning is: "If you misconfigure your VPN, it might not work"
the real story is that CERT and NISCC have so little of relevance to do with themselves, that they are issuing garbage like this.
Probably what happened is that someone important (therefore too important to actually read the documentation) made a stupid mistake, put his entire organization at risk, and is now forcing CERT to issue a warning. There are perhaps three people like that: someone at Homeland insecurity, someone at MI5, or someone at CERT.
there is no story. The substance of the warning is: "If you misconfigure your VPN, it might not work"
the real story is that CERT and NISCC have so little of relevance to do with themselves, that they are issuing garbage like this.
Probably what happened is that someone important (therefore too important to actually read the documentation) made a stupid mistake, put his entire organization at risk, and is now forcing CERT to issue a warning. There are perhaps three people like that: someone at Homeland insecurity, someone at MI5, or someone at CERT.
The two telecom carriers will carry a next-generation iPad running on the fast, next-generation wireless technology, sources tell The Wall Street Journal.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
So where is the real story?.
This sounds like a potentially far-reaching issue. More details would be appreciated.
I would say that if you see MD5 or SHA-1 in your IPsec policy then you have nothing to worry about.
So where is the real story?.
This sounds like a potentially far-reaching issue. More details would be appreciated.
I would say that if you see MD5 or SHA-1 in your IPsec policy then you have nothing to worry about.
The substance of the warning is: "If you misconfigure your VPN, it might not work"
the real story is that CERT and NISCC have so little of relevance to do with themselves, that they are issuing garbage like this.
Probably what happened is that someone important (therefore too important to actually read the documentation) made a stupid mistake, put his entire organization at risk, and is now forcing CERT to issue a warning. There are perhaps three people like that: someone at Homeland insecurity, someone at MI5, or someone at CERT.
The substance of the warning is: "If you misconfigure your VPN, it might not work"
the real story is that CERT and NISCC have so little of relevance to do with themselves, that they are issuing garbage like this.
Probably what happened is that someone important (therefore too important to actually read the documentation) made a stupid mistake, put his entire organization at risk, and is now forcing CERT to issue a warning. There are perhaps three people like that: someone at Homeland insecurity, someone at MI5, or someone at CERT.