“Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic

Discussion in 'other security issues & news' started by ronjor, Dec 17, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    This is bad stuff, really bad. I wonder who's behind it, the US government has already denied being responsible.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    https://isc.sans.edu/diary/Infocon Yellow: Juniper Backdoor (CVE-2015-7755 and CVE-2015-7756)/20521
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    Update for Customers
    http://www.reuters.com/article/us-juniper-networks-cyberattack-cisco-sy-idUSKBN0U42FQ20151221
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
    Moment of truth: Feds must say if they used backdoored Juniper firewalls
    http://arstechnica.com/tech-policy/...ay-if-they-used-backdoored-juniper-firewalls/
     
  11. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    I get the feeling the NSA is a law unto itself these days...

    @Minimalist

    Feb 4, huh? They'll probably scramble to destroy the documents.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
    They could destroy them or just make up report documents. Who knows if anybody will actually check if those reports are true and backed by other documents.
    Destroying or falsifying all documents (invoices, inventory lists...) would probably take too much time. But I doubt that anybody will be checking them either.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,087
    Juniper Completes Removal of Dual_EC
    https://threatpost.com/juniper-completes-removal-of-dual_ec
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
Loading...