ScreenOS
Latest
Juniper will release another patch for its backdoored firewalls
A couple of weeks after announcing it found "unauthorized code" in firewalls that could've let someone spy on secure VPN traffic, Juniper Networks has another update on the issue. Despite the release of a patch that it says makes the firewalls secure, Juniper will go a step further with another update that swaps out the flawed Dual_EC random number generator in the affected ScreenOS software for newer technology, which will arrive in the first half of 2016. It has also completed an investigation of the source code for that product, and its newer Junos OS-powered devices, and have not found any evidence of similar code.
CNN: FBI is investigating the Juniper Networks security hole
Yesterday's news of "unauthorized code" that could enable untraceable backdoor access to VPN traffic on certain Juniper Networks firewalls is now being investigated by the FBI. That news comes from CNN, which said that a US government official described the vulnerability as "stealing a master key to get into any government building." There's no word yet on which government agencies or private companies may have been using the specific ScreenOS-powered devices affected, but that's what the Department of Homeland Security is now trying to find out.
Juniper Networks finds backdoor code in its firewalls
One of the reasons corporate users and the privacy-minded rely on VPNs is to control access to their networks and (hopefully) not expose secrets over insecure connections. Today Juniper Networks revealed that some of its products may not have been living up to that standard, after discovering "unauthorized code" in the software that runs on its NetScreen firewalls during a code review. Pointed out by security researcher "The Grugq," the backdoor has been present since late 2012 and can only be fixed by upgrading to a new version of software just released today.
