Flaw Found in VPN Crypto Security
peeon writes "CNET reports the British National Infrastructure Security Coordination Centre has discovered a flaw in IPSEC protocol. From the article: 'The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported.'"
Yeah, I intercepted this story elsewhere about 2 days ago.
OLD news for nerds?
AT&ROFLMAO
OpenBSD is blissfully immune to this. Yet another hole they don't have to worry about. I think I may switch.
Always use auth and enc when you set up esp.
Simple, eh?