Posted on 01/10/2016 5:45:20 PM PST by Utilizer
Juniper has confirmed it will stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products.
The Silicon Valley maker of networking gear said it would ship new versions of security software in the first half of this year to replace those that rely on numbers generated by Dual Elliptic Curve technology.
The statement on a blog post came a day after the presentation at a Stanford University conference of research by a team of cryptographers who found that Juniper's code had been changed in multiple ways during 2008 to enable eavesdropping on virtual private network sessions by customers.
Last month, Sunnyvale-based Juniper said it had found and replaced two unauthorised pieces of code that allowed "back door" access, which the researchers said had appeared in 2012 and 2014.
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
(Excerpt) Read more at itnews.com.au ...
Call me suspicious but I wonder how much of my home use hardware/software has hidden ports for the feds (and hackers) to access my personal information. If it doesn't have it now, it will in the future.
It wouldn't be hard for a company to embed something like this in my router. Same with my cell phone. Same with software programs like MSOffice, etc.
Not that I have anything to hide but this kind of vulnerability can be exploited by hackers trying to steal my bank account information.
if’you have windows you are spied on. since nt.
Hussein is probably behind this. He is a criminal and needs to be jailed.
Ya.
It’s not just an individual threat. Businesses also are vulnerable to this exploit and need to be aware of its existence and efforts to eradicate it.
Yup.
So VPN users were the target? Presumably, the VPN provider would be using one of these routers, right?
Indeed. Many people over the years have learned about the cleverly-hidden BackDoor entrance into the ‘doze OS discreetly named as NSA-BackDoor, or something along those lines.
For those of you who know its full title, feel free to post it here so others who may not know of it can see how it was fiendishly hidden with the one innocuous title.
It was a Registry entry, was it not?
Do you really think this is the only one? I would bet EVERY chip, firmware and software in our computers if full of these backdoors. The backdoors are patched but new ones are always found. Just assume someone is watching or listening to you when you use your computer.
It would appear so from what the article states. More likely the router itself would be the culprit, from what I glean skimming through the article.
Yeah, it was a registry entry.
is there a way to ....
generated a random number some other way.
plug in that number, instead of the NSA number
???
Sorry, but I seriously doubt that EVERY chip and piece of software is that compromised. If nothing else, the ‘nix coders would have found it and developed patches to bypass the security ‘features’ as quickly as possible.
Only if you are a coder, and don’t mind instantly losing communication with anyone else.
Thanks. I am not a ‘doze user and someone more experienced in it than I showing where it lay is extremely helpful. Think I will look over some of the previous notes I had on it and see if I can come up with the exact Registry entry that somehow failed to slide past the sharp-eyed scrutiny of any security-minded individual when it was first noted.
Cheers. :)
One way to generate random numbers, although not so easy (tedious but not difficult), is to get a set of gamers' ten-sided dice. If properly made, they give random digits. The numbers you get will work well for one-time-pads, but I don't know how easy it would be, if it is even possible, to insert them in a router's encryption scheme.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.