Cyberoam Packet Inspection Devices Open Traffic To Third Parties 29
New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a
Cyberoam device with any other Cyberoam device - or, indeed, to
extract the key from the device and import it into other DPI devices,
and use those for interception. Perhaps ones from more competent
vendors."
Re:This is suprising? (Score:4, Informative)
They have to inject the cert first (Score:4, Informative)
I don't think this is a cert issuer trusted by major browsers. Unless some "toolbar" or a corporate installation has managed to put this cert into your browser (which happens), this attack may be ineffective against browsers.