NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Deep packet inspection device purged of flaw that threatened TOR users

Deep packet inspection device purged of flaw that threatened TOR users

http://j.mp/NaSQDz  (ars technica)

   "Examination of a certificate chain generated by a Cyberoam DPI device
   shows that all such devices share the same CA certificate and hence
   the same private key," TOR researcher Runa A. Sandvik wrote in a blog
   post published last Tuesday. "It is therefore possible to intercept
   traffic from any victim of a Cyberoam device with any other Cyberoam
   device-or to extract the key from the device and import it into other
   DPI devices, and use those for interception." Someone commenting on
   the post went on to publish the purported private key used by the
   Cyberoam certificate.

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list