Security Alerts & News
by Tymoteusz A. Góral

#1152 Crypto flaw made it easy for attackers to snoop on Juniper customers
As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks.

In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder.

"When a peer device presents a self-signed certificate as its end entity certificate with its issuer name matching one of the valid CA certificates enrolled in Junos, the peer certificate validation is skipped and the peer certificate is treated as valid," Wednesday's advisory stated. "This may allow an attacker to generate a specially crafted self-signed certificate and bypass certificate validation."
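The validation gap quoted above can be modelled in a few lines. This is an added example, not Juniper's code and not part of the article: the `Cert` class, both validator functions, the CA name, and the toy textbook-RSA keys built from fixed Mersenne primes are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Toy textbook RSA (no padding, tiny constructed keys): illustration only.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:  # hypothetical minimal certificate
    subject: str
    issuer: str
    pub: tuple  # (n, e) of the certificate holder
    sig: int = 0

    def tbs(self):  # the bytes covered by the signature
        return f"{self.subject}|{self.issuer}|{self.pub}".encode()

def sign(cert, key):
    cert.sig = pow(digest(cert.tbs(), key["n"]), key["d"], key["n"])
    return cert

def sig_ok(cert, pub):
    n, e = pub
    return pow(cert.sig, e, n) == digest(cert.tbs(), n)

def validate_flawed(cert, trusted):
    # Models the advisory: a self-signed peer certificate whose issuer NAME
    # matches an enrolled CA is treated as valid without further checks.
    if cert.issuer in trusted and sig_ok(cert, cert.pub):
        return True
    return cert.issuer in trusted and sig_ok(cert, trusted[cert.issuer])

def validate_strict(cert, trusted):
    # The issuer name only selects the CA key; the signature must verify under it.
    ca_pub = trusted.get(cert.issuer)
    return ca_pub is not None and sig_ok(cert, ca_pub)

def demo():
    ca = make_key(2**31 - 1, 2**61 - 1)
    name = "CN=Example Enrolled CA"  # constructed CA name
    trusted = {name: (ca["n"], ca["e"])}
    peer = make_key(2**17 - 1, 2**107 - 1)
    rogue = make_key(2**19 - 1, 2**89 - 1)
    good = sign(Cert("CN=vpn-peer", name, (peer["n"], peer["e"])), ca)
    forged = sign(Cert("CN=vpn-peer", name, (rogue["n"], rogue["e"])), rogue)
    return {c: (validate_flawed(x, trusted), validate_strict(x, trusted))
            for c, x in (("good", good), ("forged", forged))}
```

`demo()` returns a `(flawed, strict)` verdict pair per certificate: the CA-signed certificate passes both validators, while the self-signed one carrying the CA's name passes only the flawed one.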