[e-privacy] Cyberoam DPI vulnerability scares Tor
simone a winstonsmith.info
simone a winstonsmith.info
Mar 10 Lug 2012 11:56:23 CEST
Last week, on blog.torproject.org was published the news relative to a
security vulnerability found in Cyberoam DPI devices (CVE-2012-3372).
All is started when a user in Jordan reported seeing a fake certificate
to torproject.org.
The certificate was issued by Cyberoam companies and the researchers of
the Tor project believed that the CA has been tricked such as famous
predecessors Comodo, Diginotar. The user not reported problems during
its ordinary navigation, he was able to browse web site such as Twitter,
Facebook and Gmail, this scenario suggests we are facing with a targeted
attack to trick Cyberoam to issue fake certificate for torproject.org
website.
http://securityaffairs.co/wordpress/7160/digital-id/cyberoam-dpi-vulnerability-scares-tor.html
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome: signature.asc
Tipo: application/pgp-signature
Dimensione: 189 bytes
Descrizione: OpenPGP digital signature
URL: <http://lists.winstonsmith.org/pipermail/e-privacy/attachments/20120710/47464897/attachment.pgp>
Maggiori informazioni sulla lista
e-privacy