Submitted via IRC for Bytram
American intelligence follows British lead in warning of serious VPN vulnerabilities
The US National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack.
The NSA's bulletin, issued earlier this week, says that state-sponsored hacking groups are now actively targeting the remote takeover and connection hijacking flaws in VPNs that were first publicized in April of this year.
"These vulnerabilities allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Other vulnerabilities in the series allow for interception or hijacking of encrypted traffic sessions," the NSA warned.
"Exploit code is freely available online via the Metasploit framework, as well as GitHub. Malicious cyber actors are actively using this exploit code."
(Score: 3, Insightful) by opinionated_science on Saturday October 12 2019, @06:39PM
uses RSA keys, so as long as they are not easy to break, a pretty good tool.
Also, *way* less complicated than openvpn, which we used to use...!
(Score: 2, Insightful) by fustakrakich on Saturday October 12 2019, @07:37PM (3 children)
Now the arsonist has to be the fireman.
La politica e i criminali sono la stessa cosa..
(Score: 0) by Anonymous Coward on Sunday October 13 2019, @12:20PM (2 children)
It is perhaps possible, if not plausible, to distinguish between the threat and consequences of a fire at the bottom of a hill and the houses at the top.
(Score: 2, Interesting) by khallow on Sunday October 13 2019, @02:11PM
How do we know they're sincere this time when it's perhaps another move in their SIGINT game?
(Score: 1) by fustakrakich on Sunday October 13 2019, @04:54PM
You don't understand. The NSA lit the fire. They were caught. Now they need to cover up with this "warning"
La politica e i criminali sono la stessa cosa..
(Score: 2, Funny) by Anonymous Coward on Saturday October 12 2019, @07:55PM (3 children)
Is that still a thing?
(Score: 3, Touché) by MostCynical on Saturday October 12 2019, @08:10PM
Sign says that on the door..
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Sunday October 13 2019, @12:27AM (1 child)
Not in your house.
(Score: 0) by Anonymous Coward on Sunday October 13 2019, @05:35AM
Why. So. SERIOUS???
(Score: 0) by Anonymous Coward on Sunday October 13 2019, @12:23AM
So a gaggle of "vpn" like things leave cookies that can be used to decrypt sessions? And some proprietary junk has remote code vulnerabilities? Whatever will we do?
If the NSA is alerting about it, the usefulness of this particular back door must be done.
Funny how this isn't a problem with openvpn.