Security vulnerabilities in the cloud discovered

Wednesday, 05 August, 2009

SonicWALL has urged Australian companies to rethink their security approach to cloud computing after a new SSL threat was discovered.

The SSL Certificate Null Byte Poisoning vulnerability allows attackers to perform man-in-the-middle sessions hijacking various browser and non-browser based SSL implementations. Once an attacker successfully obtains a specially crafted null byte stuffed certificate designed to imitate the origin content server, privacy of the data can be compromised since there will be no distinguishable notification to the user that the secure connection has been intercepted by an unknown third party.

Dean Redman, Country Manager SonicWALL ANZ, said many local companies could be particularly vulnerable because of an overconfidence in the protection offered by SSL and increasing deployment of cloud-type services.

“Many Australian businesses consider SSL sessions to be pretty much bulletproof once they have a CA-signed certificate in place but we know that is not the case,” Redman said.

“SSL is the backbone of many transactional and remote access solutions but it can leave Australian businesses very exposed if additional layers of security are not used.”

According to Frost & Sullivan, Australia will become increasingly dependent on SSL cryptographic protocols, particularly SSL VPNs, as the country moves to more advanced technologies such as virtualisation and cloud computing.

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd