Juniper ScreenOS Backdoor

Forums › IT Pro and developers › Juniper ScreenOS Backdoor

benchit

37 posts

Geek
+1 received by user: 1

#189311 23-Dec-2015 16:12

I couldn't see any other discussion about this going, so starting this one.

So as many of you might know already and some who might not, this is making some headlines recently.

http://www.zdnet.com/article/juniper-screenos-devices-had-default-backdoor-password-rapid7/

I think the main thing here is, no it's not a bug patch. PR nightmare much?

3344 posts

Uber Geek
+1 received by user: 1041

Trusted

Vocus

#1456116 23-Dec-2015 16:21

Pretty nasty. However also nasty is allowing remote access to your firewall with password auth.

Amanzi
1354 posts

Uber Geek
+1 received by user: 331

Trusted

Lifetime subscriber

#1456138 23-Dec-2015 16:37

I find this fascinating... it's the kind of stuff you see in the movies when a secret agent says: "I'm just hacking into the firewall..."

Here's some further reading (some of which is way over my head, but still interesting...)
http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html
https://www.schneier.com/blog/archives/2015/12/back_door_in_ju.html
https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/

37 posts

Geek
+1 received by user: 1

#1456389 24-Dec-2015 08:17

Not bad video about Dual EC here
Oh and summarizing modern security

My views are not necessarily that of any of my clients and/or employer/s.