Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Juniper Announces Three Year Old Backdoor
December 21, 2015
It looks like the government may have gotten its wish. Juniper announced that it found “unauthorized” code embedded in an operating system running on some of its firewalls. The code, which appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. The discovery means that an attacker could decrypt encrypted traffic running through the device. Juniper has released a patch, but the disturbing part is that there is a hard coded password programmed in the software that can be exposed in unpatched firewalls. Why a programmer would insert a password in the code is unbelievable these days. I think I would look for a different firewall provider.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com