Posted on 12/23/2015 9:37:06 PM PST by Utilizer
Dual_EC weaknesses and Juniper error exploited, researchers say.
Security researchers suspect the United States' National Security Agency may have had a hand in the planting of unauthorised backdoors in Juniper's enterprise firewalls.
The network equipment vendor last week issued an urgent security alert for its NetScreen enterprise firewalls, after discovering "unauthorised code" in the device operating system that allows them to be fully compromised.
Juniper had discovered the code during an internal review. The backdoors - which had been in existence since 2012 - meant attackers could gain administrative access and decrypt VPN connections unnoticed.
Researchers have now said the backdoors could have only been planted by a handful of governments due to their sophistication. But it is unclear how the Juniper vulnerability was planted or by whom.
(Excerpt) Read more at itnews.com.au ...
“NSA suspected in Juniper firewall backdoors”
There’s no doubt about it. I have a friend who quit a Juniper subcontractor that was working on this because he wanted nothing to do with it.
And I should have added that Juniper knew what was going on, too.
Details come out after another exploit installed... what do you want to bet?
Intel, Microsoft and probably Google are also involved.
Stasi. They cannot stand anything that the government cannot be allowed to read. UnAmerican.
So it’s not just mikrosloth then. Colour Me Surprised (not!).
Its interesting that my Intel and Microsoft sources of NSA involvement also are in Colorado.
Not willing to bet against that one, mate. Especially after all the news that has begun to pour out in the last several days about this!
GMTA, *laugh*!
I know for a fact Intel and Microsoft are involved.
Someone in a Intel staff meeting two years ago said something he shouldn’t have.
Its not on the books, nor is it coming out of Intel’s budget.
The $$$ is coming directly from the Feds.
Ronald Prins, founder and CTO of Fox-IT, a Dutch security firm, said the patch released by Juniper provides hints about where the master password backdoor is located in the software. By reverse-engineering the firmware on a Juniper firewall, analysts at his company found the password in just six hours.Big fun."Once you know there is a backdoor there, the patch [Juniper released] gives away where to look for [the backdoor] which you can use to log into every [Juniper] device using the Screen OS software," he told WIRED. "We are now capable of logging into all vulnerable firewalls in the same way as the actors [who installed the backdoor]."
I don't know about Intel, but from everything I have learned over the years about u-feathers (microsoft) I would not be at all surprised if even more backdoors appear as time goes by.
So does Cisco. They just need to be able to say "we didn't know"...they need deniability.
Which begs the question, why did Juniper blow the whistle?
Juniper could have simply released a patch "to resolve security issues" without significantly harming the company's reputation. There is probably a very good reason they didn't do that. Perhaps someone threatened to go public with the details unless Jupiter management did so first.
I am behind the times... what is juniper?
They make switches and firewalls for computer networks.
L
I worked for Intel for 25 years until a year ago.
It used to be one of the finest companies in the world.
The DOJ/EU threatened it with multi-billion lawsuits unless they did what they were told.
After 911 and .com crash, something happened which changed the direction and it got much worse under Obama.
Juniper Networks is a large multinational computer company that makes networking products.
Juniper is the third largest market-share holder overall for routers and switches used by Internet service providers.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.