back to article American intelligence follows British lead in warning of serious VPN vulnerabilities

The US National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack. The NSA's bulletin, issued earlier this week, says that state-sponsored hacking groups are now actively targeting the remote takeover and connection hijacking flaws in VPNs that were …

  1. Anonymous Coward
    Anonymous Coward

    Beware of TLA's ...

    ... bearing Rear Orifices.

    1. robidy Silver badge

      Re: Beware of TLA's ...

      I always set my password to incorrect.

      That way I always get a reminder if I forget it.

  2. sum_of_squares
    Trollface

    "Hey boss, seems like our european cousins found out about the VPN backdoor we exploited 2 years ago."

    "No biggie. Tell 'em we'll <<follow that lead>> or something. That will make them happy."

  3. gerdesj Silver badge
    Childcatcher

    Not all VPNs

    "Check Point and pfSense, meanwhile, have confirmed they do encrypt the cookies in question." ( https://www.theregister.co.uk/2019/04/12/uscert_vpn_alert/ )

    1. JCitizen Bronze badge
      Thumb Up

      Re: Not all VPNs

      Yeah, but CheckPoint RULES!!

  4. Pascal Monett Silver badge

    What's that ?

    "The US National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack" they don't need any more.

    There, FTFY.

    1. Khaptain Silver badge

      Re: What's that ?

      Exactly, now that they have successfully managed to hack the upgraded/patches versions.

    2. David Shaw

      Re: What's that ?

      remote takeover and connection hijacking flaws in VPNs that were *first publicized in April of this year*

      er... didn't a certain former Hawaii resident (now wearing a fur hat) mention several years ago that the start-up phase of any encrypted tunnel, sesh, VPN etc was highly targeted by his former contractual buddies; so I think VPN's are , and will always remain, virtually private, rather then being *actually* private in the real-world.

  5. thexfile
    Flame

    NSA should be banned.

    NSA hacks routers and phones.

    1. IGotOut Silver badge

      Re: NSA should be banned.

      That's their job.

    2. robidy Silver badge

      Re: NSA should be banned.

      Banning the NSA is like banning any other org you don't like....it goes undergound and becomes less accountable.

      It already happens, the US tend to use GCHQ on US citizens and vice versa....

      1. Yet Another Anonymous coward Silver badge

        Re: NSA should be banned.

        If ordinary honest people don't have a secret government agency illegally spying on them then only the criminals will have an evil government agency spying on them ....

    3. schifreen

      Re: NSA should be banned.

      Yup. In today's other news, bears crap in the woods and United breaks guitars.

      This just in: Pope still catholic.

      1. Anonymous Coward
        Anonymous Coward

        Re: NSA should be banned.

        Pope still catholic"

        Groups of conservative Catholic clerics are apparently disputing that and plotting his replacement with a "true believer" in their own mould.

  6. Yet Another Anonymous coward Silver badge

    Did I miss a memo ?

    I thought VPNs were only used by criminal terrorist child eaters ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020