US Government – Four Vendors’ Security Equipments Vulnerable to Hacking
The US government security experts said on December 2, 2009 that security apparatus (or equipments) of four firms, namely Juniper, Cisco, SafeNet and SonicWall, contained flaws that could potentially make PCs of large companies vulnerable to hacking assaults.
The warning has come from the US-CERT (United States Computer Emergency Readiness Team) working under the Department of Homeland Security and was posted on its official Internet site. The US-CERT states that by abusing these flaws, hackers could invade computer networks of corporations, install malware, steal secret information or convert computers into spam bots.
According the experts, the flaws exist in equipments working on a technology called SSL-VPN. Corporations use this technology to establish secure communication mechanisms so that internal computers can be safely accessed online. The flaws disturb VPN systems operated straight via Web-browsers instead of via popular software active on end-users' computers, the experts elaborate.
Moreover, manufacturers are still trying to fix the problem that they came to know from government officials' warning on September 24, 2009, said US-CERT. Meanwhile, researchers at US-CERT have built 3 "workarounds," which would lessen, but would not remove, attack's danger.
Responding to the warning, Barry Greene, Head of Security Response Group at Juniper, stated that they had been aware of the flaw for many years and had urged customers to use workarounds while running the systems, as reported by SiliconIndia on December 3, 2009. Greene added that clients practicing optimum security policies had considerably low risk to an extent that they didn't have to fret over it.
Furthermore, Donna St. Germain, SafeNet spokeswoman, stated that her firm had developed a solution to fully remove the danger and explained the method to customers for configuring their equipments, as reported by SiliconIndia.
In addition, Linda Horiuchi, Cisco Australia spokeswoman, stated that her company knew about the flaw and informed its customers via SMS and e-mail, as reported by Australia IT published on December 3, 2009. Horiuchi further stated that Cisco had issued an alert along with additional information to tackle the problem.
Notably, SonicWall didn't reply when asked for its remarks.
Related article: US Passes Baton to Asia in Spam Relay
» SPAMfighter News - 10-12-2009