https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/
here too...
http://www.networkworld.com/article/3016992/security/juniper-firewalls-compromised-by-spy-code-what-you-need-to-know.html
Yep. I've already passed that alert on up my command chain. I expect an upgrade sometime next week, probably on Christmas Day, when everything's turned off.
It gets better. The patch reveals another backdoor (not FEEDTROUGH)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Quote from: wintermute000 on December 20, 2015, 04:57:00 AM
It gets better. The patch reveals another backdoor (not FEEDTROUGH)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Prins says the larger concern now is whether other firewall manufacturers have been compromised in a similar manner. "I hope that other vendors like Cisco and Checkpoint are also now starting a process to review their code to see if they have backdoors inserted," he said. :jackie-chan:
They DAMN SURE better be starting that review process, and with all speed... My guess is if they're not able to patch it - and this could be due to other government entanglements - then they'll say nothing or dismiss it like, "That was Juniper's problem, not ours."
But if they can patch it, it may be because they're working with the same actors that introduced the first backdoor and that the patch takes care of everything the vulnerability researchers are going to be looking for... and then, another patch comes out later on with a different sort of backdoor, designed to evade current testing methods.
:notthefirewall:
The password is out in the open:
https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor
https://pbs.twimg.com/tweet_video/CWuoey7XIAA3T2M.mp4
Waiting for the major financial firm to announce it got hacked that way in 3... 2...
No doubt, just look at the number of devices Shodan has indexed:
https://www.shodan.io/search?query=netscreen
Quote from: SimonV on December 21, 2015, 06:09:46 AM
https://pbs.twimg.com/tweet_video/CWuoey7XIAA3T2M.mp4
:rofl: