Linked by Thom Holwerda on Mon 21st Dec 2015 22:27 UTC, submitted by Alfman
Privacy, Security, Encryption

On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found "unauthorized" code embedded in an operating system running on some of its firewalls.

The code, which appears to have been in multiple versions of the company's ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. It also would allow attackers, if they had ample resources and skills, to separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.

[...]

The security community is particularly alarmed because at least one of the backdoors appears to be the work of a sophisticated nation-state attacker.

Merry Christmas, everybody.

Permalink for comment 622604
To read all comments associated with this story, please click here.
RE[3]: August 2012
by pepa on Wed 23rd Dec 2015 05:09 UTC in reply to "RE[2]: August 2012"
pepa
Member since:
2005-07-08

The encryption is only securing it's content when it's not decrypted, ie. when it's off. When the encrypted filesystem is decrypted and mounted, it's of course fully accessible.

Reply Parent Score: 3