Cyberoam Packet Inspection Devices Open Traffic To Third Parties - Slashdot

Slashdot

Cyberoam Packet Inspection Devices Open Traffic To Third Parties 29

Posted by Unknown Lamer on Wednesday July 04, 2012 @01:10PM
from the security-through-oh-screw-it dept.

New submitter jetcityorange tipped us to a nasty security flaw in Cyberoam packet inspection devices. The devices are used by employers and despotic governments alike to intercept communications; in the case of employers probably for relatively mundane purposes (no torrenting at work). However, the CA key used to issue fake certificates so that the device can intercept SSL traffic is the same on every device, allowing every Cyberoam device to intercept traffic that passed through any other one. But that's not all: "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI devices, and use those for interception. Perhaps ones from more competent vendors."

This discussion has been archived. No new comments can be posted.

Cyberoam Packet Inspection Devices Open Traffic To Third Parties

Search 29 Comments Log In/Create an Account

Comments Filter:

This is suprising? (Score:5, Insightful)

by houstonbofh (602064) writes: on Wednesday July 04, 2012 @01:17PM (#40542813)

People are surprised that a device that hacks it's way in to ssl communication is insecure? Contrary to popular belief, people that specialise in tearing down walls are not the best wall builders.

Share
twitter facebook linkedin
Derp! (Score:5, Insightful)

by girlintraining (1395911) writes: on Wednesday July 04, 2012 @01:31PM (#40542935)

This just in: End to end encryption which does not form trust via a third party (like a certificate authority) still the best way of securing communications. The certificate authority system has been flawed from day one. IPSEC is still the way to go, along with secure DNS, but as you will note... companies and governments have been dragging their feet on it. A good indication that something is secure is that laws are passed against its use.

Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

1010 commentsWindows 8 Killing PC Sales
985 commentsNTSB Recommends Lower Drunk Driving Threshold Nationwide: 0.05 BAC
953 commentsSome Windows XP Users Can't Afford To Upgrade
863 commentsZDNet Proclaims "Windows: It's Over"
832 commentsSo What If Yahoo's New Dads Get Less Leave Than Moms?

If you have nothing to do, don't do it here.