Browser-based Backdoor Attack for SSL?

by VPNHaus | 06/17/2009 | 64-Bit, Highlights

Read an interesting post last week on ThreatPost, "New attack class exploits intranet weaknesses." Dennis Fisher reports on a new class of attacks caused by organizations using non-routable IP space on their internal networks—including an attack that compromises VPN users through the use of a persistent JavaScript backdoor. The research was done by Robert Hansen, Amit Klein and HD Moore.

It appears to us the attacks are subject to SSL rather than IPSec VPNs because they are browser-based. Moreover, the diagrams look like the attacks originated inside the network. We can’t be sure based solely on the paper. Can anyone clarify, or does anyone have opinions on this research paper?

