Tuesday, September 6, 2016

The NSA continues to damage America's economy

This will no doubt get customers flocking to buy gear from Cisco:
Tens of thousands of Cisco ASA firewalls are vulnerable to an authentication bypass exploit thought to have been cooked up by the United States National Security Agency (NSA). 
The "Extra Bacon" exploit was one of many found as part of an Equation Group cache leaked by a hacking outfit calling itself the Shadow Brokers. 
Equation Group is thought to be an offensive NSA Tailored Access Operations unit. The leaked exploits and the tools stolen by Shadow Brokers are thought to have come from a compromised command and control staging server. 
Cisco has rushed out patches against the Extra Bacon exploit, while researchers extended the attack to compromise more modern ASA units.
Add to this the way that NSA used to intercept Cisco devices on the way to delivery (so they could install bugging devices).  Nice work, security apparatus!

No comments: