Comments
Juniper Discovers Unauthorized Code In Its Firewall OS
MarciaNWC,
User Rank: Strategist
1/11/2016 | 12:11:58 PM
Re: Cisco
Hi Jerome -- Juniper posted a blog post late Friday with an update on this that provides some details on its security review of its products in the wake of the breach. "We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products," wrote Bob Worrall, SVP CIO at Juniper.

 
Jerome Amon,
User Rank: Ninja
12/28/2015 | 6:32:19 AM
Re: Cisco
Great, so we are waiting. Maybe that will encourage other vendors to start reviewing their code and let the public know about the result.
Jerome Amon,
User Rank: Ninja
12/28/2015 | 6:26:50 AM
Re: Cisco
Hi Marcia,

Thanks for the link, very informative!

If some of the strongest features/technologies/tools used by vendors nowadays come from these kinds of organisations, how can these kinds of problems not appear? :) Just an idea!
Brian.Dean,
User Rank: Ninja
12/26/2015 | 9:49:02 PM
Re: unauthorized code
@Ashu001 that is a good point. Cost-benefit analysis can be viewed as a good starting point. Firms will have to assign the appropriate weightages to the advantages and disadvantages. If a business offers a wide range of products to a wide range of customers, then the ripple effects can also create disadvantages in other product lines. For instance, if a manufacturer's switches are blacklisted due to security concerns, customers will be wary of the manufacturer's smartphones as well, etc.
Ashu001,
User Rank: Ninja
12/25/2015 | 4:46:16 AM
Re: unauthorized code
Brian,

Ultimately most folks in Enterprises do cost-benefit analysis, and also in this case: What happens if I lose my data?

How much is it really worth to an attacker/adversary?

My personal feeling is that most Enterprises tend to understand the Costs associated with such an issue, aggressively in some cases.

That needs to stop and we need a more realistic analysis of the ROI and costs involved with a Breach.

That's when everything will hopefully change.

 
Ashu001,
User Rank: Ninja
12/25/2015 | 4:42:47 AM
Re: Cisco
Jerome,

If you do read all the Research done on this Backdoor issue HERE: rpw.sh/blog/2015/12/21/the-backdoored-backdoor

It becomes quite clear that the NSA did really put the Backdoor in the Algorithm in the hope that at least some folks would take the bait.

It should not be surprising to most folks that the Vulnerability in the Algorithm was known since 2007 but none of the Vendors did anything to patch it before this issue broke out and garnered massive media attention.


You are quite right that spyware could be inserted anywhere in the code but to do so obviously and brazenly points the finger directly at the authorities involved.

 

 
Ashu001,
User Rank: Ninja
12/25/2015 | 4:34:06 AM
Re: unauthorized code
PMIT,

LOL!!!

This is so so funny and so true!

You will be surprised to know that Huawei networking Gear has found immense acceptance and popularity all across the Developing world today.

Do you feel this would have been the case if they were definitely Spying on all Consumer Data?

I most certainly don't think so and I won't be surprised if one of the major US-centric Vendors lobbied some of the Congressmen to push through this ban previously (it's just that in the US they call such Financial Contributions Lobbying).
Ashu001,
User Rank: Ninja
12/25/2015 | 4:29:05 AM
Re: unauthorized code
Aditshar1,

The Security Blogosphere is abuzz discussing this very topic currently.

And most folks seem to be veering towards the fact that Yes, Juniper did work with the NSA to add Backdoors in their Networking Gear.

If that is true, then what's to stop the NSA from doing the same with Cisco or Dell or HP today?

The possibilities are absolutely mind-boggling!!! Is it any wonder most Privacy-minded folks are crying foul over the New CISA law?

It's most unfortunate that the country that was built on the basis of Liberty and freedom as two of its main building blocks has to resort to such underhand tactics to basically suppress rebellion of any sort whatsoever.

 
MarciaNWC,
User Rank: Strategist
12/23/2015 | 3:22:02 PM
Re: Cisco
Hi Jerome! You're right, attackers can infiltrate every layer. We're still waiting for more information on this from Juniper, but security researchers have figured some things out according to this report.
Jerome Amon,
User Rank: Ninja
12/22/2015 | 7:33:57 PM
Re: unauthorized code
Hi, but there are some ISPs which are swapping all the existing equipment from the fronthaul to core for Huawei-only equipment. About backdoors, I think that is not a problem now.