NNSquad - Network Neutrality Squad
[ NNSquad ] Deep packet inspection device purged of flaw that threatened TOR users
Deep packet inspection device purged of flaw that threatened TOR users http://j.mp/NaSQDz (ars technica) "Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key," TOR researcher Runa A. Sandvik wrote in a blog post published last Tuesday. "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device-or to extract the key from the device and import it into other DPI devices, and use those for interception." Someone commenting on the post went on to publish the purported private key used by the Cyberoam certificate. - - - --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org Founder: - Data Wisdom Explorers League: http://www.dwel.org - Network Neutrality Squad: http://www.nnsquad.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org - PRIVACY Forum: http://www.vortex.com Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad