VPN Hacks (really VPN stupidity)

Just the urls, ma'am.
Post Reply
Tenth Dan Procrastinator
Posts: 4890
Joined: Fri Jul 18, 2003 3:09 am
Location: San Jose, CA

VPN Hacks (really VPN stupidity)

Post by quantus »

Hackers are actively trying to steal passwords from two widely used VPNs

How can places that sell security products seriously have flaws like this in their products? If someone isn't authenticated yet, why would you ever send them whatever file they ask for?

If you're an IT consulting company and you're supporting these devices, why the hell would you not recognize the severity of this and patch your clients immediately rather than waiting for them to file a ticket asking if it's been patched yet? Also, don't send an article from the day after the one already sent to you and go, oh yeah, we just read about this. Finally, it's probably not a good idea to acknowledged that the vpn vendor sent you a "your house is on fire"-style email and you ignored it.

These issues are almost exactly like the raft of bugs in ssh from a couple years ago. Did no one familiar with coding the VPN software stop to think then if they might have a similar issue?
Have you clicked today? Check status, then: People, Jobs or Roads

Post Reply