RSS Feed
December 19th, 2015 
Awake Goy
Probable Government Backdoors Found on Juniper Firewalls
December 19th, 2015
Via: Wired:
On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found “unauthorized� code embedded in an operating system running on some of its firewalls.
The code, which appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. It also would allow attackers, if they had ample resources and skills, to separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.
“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,� Bob Worrall, the companies’ CIO wrote in a post. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.�
…
The security community is particularly alarmed because at least one of the backdoors appears to be the work of a sophisticated nation-state attacker.
“The weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance agency like the British, the US, the Chinese, or the Israelis,� says Nicholas Weaver, a researcher at the International Computer Science Institute and UC Berkeley. “You need to have wiretaps on the internet for that to be a valuable change to make [in the software].�
<!–
–>
<!– AD CAN GO HERE
END: AD CAN GO HERE –>
Leave a Reply
You must be logged in to post a comment.
Source Article from http://www.cryptogon.com/?p=47866
Posted in 
Tags: 
