SSL VPNs can be compromised in a way that enables them to take over remote users’ machines and potentially cause mischief inside the networks they attach to, according to research presented at the Black Hat conference.
The problem can exist with Web clients that install themselves on remote machines at the start of SSL VPN sessions, said Michael Zusman, a senior consultant for the Intrepidus Group. (Dan Kaminsky also spoke at Black Hat about how SSL certificates used to confirm the validity of Web sites could be circumvented with a DNS attack.) Zusman said his research does not apply to SSL VPN clients that are installed permanently on machines as part of computers’ standard software loads. SSL VPNs might not be as secure as you think | InfoWorld | News | 2008-08-07 | By Tim Greene, Network World
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag