Backdoor in NetScreen Firewalls

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Quote : " An operating system used to manage firewalls sold by Juniper Networks contains unauthorized code that surreptitiously decrypts traffic sent through virtual private networks, officials from the company warned Thursday.

It's not clear how the code got there or how long it has been there. An advisory published by the company said that NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. "
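A defender's inventory check built on the version ranges quoted above, as an added example that is not part of the original post or of Juniper's advisory. The hostnames, sample versions and the `classify`/`triage` helpers are constructed for illustration; strings that do not match the plain `X.Y.ZrN` form are reported as unknown so they get checked against the vendor advisory by hand.

```python
import re

# Affected ranges as quoted in the post above:
# (major, minor, patch) -> (first, last) affected "r" build number.
AFFECTED = {
    (6, 2, 0): (15, 18),
    (6, 3, 0): (12, 20),
}

# Strict form such as "6.3.0r17"; anything else (suffix letters, missing
# build number) is left for manual review instead of being guessed at.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)r(\d+)")


def classify(version: str) -> str:
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return "unknown"
    major, minor, patch, build = map(int, m.groups())
    bounds = AFFECTED.get((major, minor, patch))
    if bounds and bounds[0] <= build <= bounds[1]:
        return "affected"
    return "not-listed"  # outside the ranges quoted in the post


def triage(inventory: dict) -> dict:
    """Group hostnames by classification so patching can be prioritised."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "fw-branch-01": "6.3.0r17",
    "fw-branch-02": "6.3.0r11",
    "fw-dc-01": "6.2.0r15",
    "fw-dc-02": "6.2.0r19",
    "fw-lab-01": "6.3.0r19b",     # suffix not covered by the quoted ranges
    "fw-lab-02": "ScreenOS 6.3",  # incomplete string
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```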
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
Well this is a fine mess, isn't it? :rolleyes:
I'm sure they're going to patch it out, but how are the users of the software even going to assess what got out (hopefully nothing, or just not much) and what or who... got in?
It seems to me that Juniper is in for it - depending on what kind of company was using the vulnerable versions of the software, their reputation is sure bound to take a hit.

What do you guys think: Some mad or greedy developer just thought or planned to do some damage, so she/he slipped in the backdoor code, or was it an organized thing? Or maybe some sort of an "inside job"?
This could easily be an episode in a TV series about cyber-law enforcement and hackers and the like. :D
 

Kiwimike

Level 1
Verified
Dec 15, 2015
29
According to The Hacker News (Juniper Firewalls with ScreenOS Backdoored Since 2012 - The Hacker News), they have already released a patch; this is good considering the severity of the vulnerability.

This could have been an already known vulnerability exploited by Governments? It's great they patched it though, because this could have caused a lot of damage. There is a certain time companies must rush after a vulnerability has gone public before they are probably going to get scripts written for it on the internet.

I'm just worried because there was a VPN vulnerability similar to this released a couple of weeks back, I think. This could have something to do with it; if that is the case, other firewalls and routers might be vulnerable.
 

Kiwimike

This fact is very serious, I wonder how many are vulnerable and in which organizations.

Of course, if the software was "open", it would at least be inspected.

Hence why I like Cisco so much! They are not open source but a lot of their services are, sort of like Red Hat. This makes them more secure and also provides a free service to others. It also has a crucial point to any open-source project, which is Cisco can actually fund it.

This is why I believe Snort IDS is so good and customizable.

Because I personally use an IPFire firewall as my router, and it runs great and is very easy to use, which is the main thing because some of my family struggle if it's SSH only and they have to manually configure the files and firewall rules. But pfSense is probably a slightly better choice; this is because they have the enterprise backing.

I don't know if you'll agree. But that's my opinion.
 

upnorth

When you thought it couldn't get any worse...TaaDaa! :D

Quote : " Ronald Prins, founder and CTO of Fox-IT, a Dutch security firm, said the patch released by Juniper provides hints about where the master password backdoor is located in the software. By reverse-engineering the firmware on a Juniper firewall, analysts at his company found the password in just six hours.

“Once you know there is a backdoor there, … the patch [Juniper released] gives away where to look for [the backdoor] … which you can use to log into every [Juniper] device using the Screen OS software,” he told WIRED. “We are now capable of logging into all vulnerable firewalls in the same way as the actors [who installed the backdoor].” o_O Ouch!

...Regardless of the precise nature of the VPN backdoor, the issues raised by this latest incident highlight precisely why security experts and companies like Apple and Google have been arguing against installing encryption backdoors in devices and software to give the US government access to protected communication.

“This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire,” Prins says. "

Source : Secret Code Found in Juniper’s Firewalls Shows Risk of Government Backdoors
 
