Deep packet inspection device purged of flaw that threatened TOR users
Cyberoam, a maker of appliances designed to secure sensitive networks, said it has issued an update to fix a flaw that could be used to intercept communications sent over the TOR anonymity network.
Cyberoam issued the hotfix on Monday to a variety of its unified threat management tools. The devices, which are used to inspect individual packets entering or exiting an organization's network, previously used the same cryptographic certificate. Researchers with the TOR network recently reported the flaw and said it caused a user to seek a fake certificate for thetorproject.org when one of the DPI (or deep packet inspection) devices was being used to monitor his connection.
"Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key," TOR researcher Runa A. Sandvik wrote in a blog post published last Tuesday. "It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device—or to extract the key from the device and import it into other DPI devices, and use those for interception." Someone commenting on the post went on to publish the purported private key used by the Cyberoam certificate.
- Tue, 2013-05-14 00:20
- Mon, 2013-05-06 01:20
- Tue, 2013-02-05 18:17