As if the discovery of the Heartbleed flaw weren’t enough woe for OpenSSL, more than half a dozen additional defects have been discovered in the code used to protect communication on the Web.Among them is one dubbed “Cupid” by its discoverers. The flaw can be used to compromise enterprise networks.Like Heartbleed, Cupid uses a malicious heartbeat packet to compromise a TLS connection. TLS, or Transport Layer Security, is used to secure communications on the Internet.However, in Cupid’s case, that TLS connection is being made over EAP, which is used to establish a WiFi connection. EAP, or Extensible Authentication Protocol, is an authentication framework used on WiFi networks and for point-to-point connections such as virtual private networks, or VPNs.”Cupid is heartbleed in different clothing,” Kevin Bocek, vice president of product marketing at Venafi, told TechNewsWorld. Because Cupid can be used to attack VPN connections, it can be very dangerous to the enterprise, according to Bocek.”What’s most scary to me is that it gives an attacker access to information at the corporate gateway,” he said. “It could potentially retrieve very valuable information, including the keys and certificates used to say any given VPN source is trusted, and user names and passwords.”The discovery… Read full this story
- Wild at heart
- Mystery man Burke the rock at heart of Galway defence
- BBC Devon & Cornwall Live: 3 August
- Premier League 2018-19 definitive club-by-club guide: Likely line-ups, best signings
- The Forgotten War: A Visit to the Killing Fields of Yemen
- Whisky on ice: The downfall of Antarctica NZ's bon vivant
- Israeli family vows to keep up fight for son's remains
- The Saudi Crown Prince’s Final Option
SPOTLIGHT ON SECURITY Cupid Fires Arrow at OpenSSL's Heart have 273 words, post on www.ecommercetimes.com at June 10, 2014. This is cached page on Drudgereport. If you want remove this page, please contact us.