VPN Hacks (really VPN stupidity)
Posted: Mon Aug 26, 2019 8:48 pm
Hackers are actively trying to steal passwords from two widely used VPNs
How can places that sell security products seriously have flaws like this in their products? If someone isn't authenticated yet, why would you ever send them whatever file they ask for?
If you're an IT consulting company and you're supporting these devices, why the hell would you not recognize the severity of this and patch your clients immediately rather than waiting for them to file a ticket asking if it's been patched yet? Also, don't send an article from the day after the one already sent to you and go, oh yeah, we just read about this. Finally, it's probably not a good idea to acknowledged that the vpn vendor sent you a "your house is on fire"-style email and you ignored it.
These issues are almost exactly like the raft of bugs in ssh from a couple years ago. Did no one familiar with coding the VPN software stop to think then if they might have a similar issue?
How can places that sell security products seriously have flaws like this in their products? If someone isn't authenticated yet, why would you ever send them whatever file they ask for?
If you're an IT consulting company and you're supporting these devices, why the hell would you not recognize the severity of this and patch your clients immediately rather than waiting for them to file a ticket asking if it's been patched yet? Also, don't send an article from the day after the one already sent to you and go, oh yeah, we just read about this. Finally, it's probably not a good idea to acknowledged that the vpn vendor sent you a "your house is on fire"-style email and you ignored it.
These issues are almost exactly like the raft of bugs in ssh from a couple years ago. Did no one familiar with coding the VPN software stop to think then if they might have a similar issue?