Results 1 to 7 of 7
  1. #1
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,843
    Thanks
    258
    Thanked 175 Times in 148 Posts

    Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA

    http://www.wired.com/2015/12/researc...eedinformer%29

    Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniperís devices.

    The researchersí findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the companyís source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.

  2. #2
    jwoods
    Guest
    Seem like the onus is on Jupiter Networks...

    "But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack."

    It's not clear why they were using Dual_EC for their encryption algorithm.
    Last edited by jwoods; 2015-12-22 at 20:28.

  3. #3
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,843
    Thanks
    258
    Thanked 175 Times in 148 Posts
    They weren't the only ones.
    The only problem with this is that major companies, like Cisco, RSA, and Juniper did use Dual_EC. The companies believed this was okay because for years no one in the security community could agree if the weakness in Dual_EC was actually an intentional backdoor.

  4. #4
    jwoods
    Guest
    The backdoor has been known since 2013...

    http://bits.blogs.nytimes.com/2013/0...tandards/?_r=0

  5. #5
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,843
    Thanks
    258
    Thanked 175 Times in 148 Posts
    Yes, that's what it said in the article.

  6. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 985 Times in 915 Posts
    How can you blame the NSA for code you used/wrote?!

    cheers, Paul

  7. #7
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Two years to fix it...glad to see they have so much concern for their customer's security. Still, for those in the USA, the latest omnibus bill retroactively and proactively absolves them of responsibility. Mighty white of your Representatives.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •