Saturday, December 19, 2015

Backdoors Bite US in the Ass

[D]espite all the attention focused on backdoors lately, no one noticed that someone had quietly installed backdoors three years ago in a core piece of networking equipment used to protect corporate and government systems around the world. On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls. Juniper released patches for the software yesterday and advised customers to install them immediately.

[...]

The security community is particularly alarmed because at least one of the backdoors appears to be the work of a sophisticated nation-state attacker.

[...]

But the backdoors are also a concern because one of them—a hardcoded master password left behind in Juniper’s software by the attackers—will now allow anyone else to take command of Juniper firewalls that administrators have not yet patched, once the attackers have figured out the password by examining Juniper’s code.

Ronald Prins, founder and CTO of Fox-IT, a Dutch security firm, said the patch released by Juniper provides hints about where the master password backdoor is located in the software. By reverse-engineering the firmware on a Juniper firewall, analysts at his company found the password in just six hours.

“Once you know there is a backdoor there, … the patch [Juniper released] gives away where to look for [the backdoor].

  Wired
Great patch.
Green says the hypothetical threat around NSA backdoors has always been: What if someone repurposed them against us?

[...]

Regardless of the precise nature of the VPN backdoor, the issues raised by this latest incident highlight precisely why security experts and companies like Apple and Google have been arguing against installing encryption backdoors in devices and software to give the US government access to protected communication.

“This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire,” Prins says.

[...]

Prins says the larger concern now is whether other firewall manufacturers have been compromised in a similar manner. “I hope that other vendors like Cisco and Checkpoint are also now starting a process to review their code to see if they have backdoors inserted,” he said.


...but hey, do what you want...you will anyway.
