Linked by Thom Holwerda on Mon 21st Dec 2015 22:27 UTC, submitted by Alfman
Privacy, Security, Encryption

On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found "unauthorized" code embedded in an operating system running on some of its firewalls.

The code, which appears to have been in multiple versions of the company's ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. It also would allow attackers, if they had ample resources and skills, to separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.

[...]

The security community is particularly alarmed because at least one of the backdoors appears to be the work of a sophisticated nation-state attacker.

Merry Christmas, everybody.

Permalink for comment 622612
To read all comments associated with this story, please click here.
RE[5]: August 2012
by pepa on Wed 23rd Dec 2015 10:15 UTC in reply to "RE[4]: August 2012"
pepa
Member since:
2005-07-08

It would be very interesting to know more about the capabilities of these ring-zero OS's. If stealth access is an objective, I would expect they tap into the client OS. But I agree, that needs to happen, because just accessing the storage would not help.

Reply Parent Score: 3