Lumension® Endpoint Intelligence Center


Net Nanny parental control software vulnerable to HTTPS spoofing

2015/04/23

Softpedia - (International) Researchers from Carnegie Mellon's Computer Emergency Response Team (CERT) discovered security vulnerabilities in ContentWatch's Net Nanny software. The vulnerabilities result from its use of man-in-the-middle (MitM) proxies and of the same root certificates and private key for all installations, the latter of which is included in plain text in the application. The researchers believe that an attacker could use the key to generate new certificates to spoof legitimate Web sites and avoid user alerts for malicious domains.

Source: http://news.softpedia.com/news/Net-Nanny-Parental-Controls-Software-Vulnerable-to-HTTPS-Spoofing-479183.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:11