|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Finnish Communications Regulatory Authority (FICORA) Switchboard +358 9 69 661 Television fees Customer service of Fi-domain names +358 9 6966 700 |
14.11.2005 FICORA coordinates worldwide search for severe vulnerabilitiesFICORA coordinates worldwide search for critical vulnerabilities The Finnish national CERT team of the Finnish Communications Regulatory Authority (FICORA) together with the British organisation NISCC (National Infrastructure Security Co-ordination Centre), has actively contributed to the correction of new, critical vulnerabilities. Vulnerabilities in the ISAKMP (Internet Security Association and Key Management Protocol) protocol implementations were discovered with a test tool made by the OUSPG research group from the University of Oulu in Finland. Since the discovery, FICORA's CERT-FI team has actively shared the test tool with software and device manufacturers around the world, and coordinated activities related to the test phase. The ISAKMP protocol is, for example, used for creating encrypted VPN (Virtual Private Network) connections. VPN connections are used for encrypting confidential information when data is transferred between an organisation's offices, for example. By exploiting the vulnerabilities, the attacker can run arbitrary commands on the target network device or the computer system. Vulnerabilities can also be exploited by attackers to cause denial of service conditions. CERT-FI's has given out an alert about the vulnerabilities. The alert is available (in Finnish) at FICORA's website at http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82/.htm The joint advisory of the CERT-FI team and NISCC: http://www.ficora.fi/englanti/document/ISAKMP.pdf Further information:
|
