Juniper Hacked
Since I didn't see any buzz about it on here I figured I would post. Our company was notified on Friday about the security breach and shut down a few edge devices.
Newly discovered hack has U.S. fearing foreign infiltration - CNNPolitics.com
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
Comments
-
greg9891 Member Posts: 1,189 ■■■■■■■□□□
Nothing is 100% secure these days. Sad!
Upcoming Certs: VCA-DCV 7.0, VCP-DCV 7.0, Oracle Database 1Z0-071, PMP, Server +, CCNP
Proverbs 6:6-11 Go to the ant, you sluggard! Consider her ways and be wise, Which, having no captain, Overseer or ruler, Provides her supplies in the summer, And gathers her food in the harvest. How long will you slumber, O sluggard?
When will you rise from your sleep? A little sleep, a little slumber, A little folding of the hands to sleep, So shall your poverty come on you like a prowler And your need like an armed man. -
dustervoice Member Posts: 877 ■■■■□□□□□□
Nothing is 100% secure these days. Sad!
-
networker050184 Mod Posts: 11,962 Mod
At least they found it. How many other compromised products are out there no one even knows about yet? That's the scary part.
An expert is a man who has made all the mistakes which can be made.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
Before people start bashing a brand, this happens to Cisco as well. I am a Cisco guy but for the sake of this thread getting out of hand with nonsense, just know it happens to many vendors.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
Hondabuff Member Posts: 667 ■■■□□□□□□□
Not so much a bashing post. I had a few old Netscreen devices that we inherited. The code on our boxes was older than the code that was affected. Looking at what the problem was, it looked like a backdoor was written into the code. Probably a pre-production local admin account that was forgotten about. Juniper really isn't that old of a company, is it?
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
networker050184 Mod Posts: 11,962 Mod
Juniper has been around for about 15-20 years now I believe. Netscreen was also an acquisition for them maybe 10 years ago.
An expert is a man who has made all the mistakes which can be made.
-
Dakinggamer87 Member Posts: 4,016 ■■■■■■■■□□
*Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
*Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."
Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63 -
wastedtime Member Posts: 586 ■■■■□□□□□□
The backdoor login info has been released. Due to how important this is, SANS ISC raised its threat level from green to yellow. I'm still curious as to what the VPN issue was and how this has gone unnoticed for so long. I would like to see that information.
-
alias454 Member Posts: 648 ■■■■□□□□□□
networker050184 wrote: »
At least they found it. How many other compromised products are out there no one even knows about yet? That's the scary part.
Not trying to pick on Juniper or any other company for that matter but isn't it time to start asking some tough questions? How do we stop it? As consumers of these products, how do we as an industry start to make it known we won't stand for poor practices or poor quality products? At some point, some liability is going to have to shift back to the companies pushing this stuff out into the market. Does this constitute gross negligence? I think to Juniper's credit they released their initial announcement pretty quickly but similar to Target, that doesn't make me sleep any better.
Again, this is not specific to Juniper or Cisco or any other company.
https://isc.sans.edu/forums/diary/Infocon+Yellow+Juniper+Backdoor+CVE20157755+and+CVE20157756/20521/
Malicious Cisco router backdoor found on 79 more devices, 25 in the US | Ars Technica
https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html
When a single e-mail gives hackers full access to your network | Ars Technica
http://www.computerworld.com/article/2921388/network-security/insecure-routers-hacked-yet-again.html
http://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html
“I do not seek answers, but rather to understand the question.” -
Params7 Member Posts: 254
And Cisco devices have been known to be bugged by NSA before they get shipped internationally:
Photos of an NSA -
JDMurray Admin Posts: 13,092 Admin
There was a SANS Webcast released with early technical details on the Juniper vulnerabilities (you will need a free account on sans.org to view it): https://www.sans.org/webcasts/juniper-screenos-backdoor-101482/
The podcast Security Now! (Episode 539, 12/22/2015) by Steve Gibson (www.grc.com/securitynow.htm) contains an in-depth explanation of the Juniper vulnerabilities. The discussion is from 00:26:45 to 00:59:10 in the video stream.
Show page: https://twit.tv/shows/security-now/episodes/539?autostart=false
Show notes (PDF): https://www.grc.com/sn/SN-539-Notes.pdf
The following links will become available after the holidays:
Show archive: https://www.grc.com/securitynow.htm#539
Show transcript (PDF): https://www.grc.com/sn/sn-539.pdf -
DevilWAH Member Posts: 2,997 ■■■■■■■■□□
Alias454,
I don't think you can call it gross negligence. This is what happens when people develop things, especially when code is shared so much as it is now. You get one tiny chunk of code amongst thousands that, when you implement it, is thought to be secure. Then going forward you have to keep track of every line of code and ensure it is not now a known exploit. This is a massive task when, like Windows for example, you have over 50,000,000 lines of code. First of all you have to hope the coders have recorded everything they have done and that you have people reviewing the current list of known exploits and comparing them to your products.
This is a never-ending job, so all companies need to balance time spent on securing their code with developing and making a profit.
We should expect them to do a good job, but we know that sometimes they will fail. This is why it's important to ensure security in our organisations is good and we don't simply assume that devices and technologies out of the box will protect us.
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.
LinkedIn Profile - Blog: http://Devilwah.com -
varelg Banned Posts: 790
Alias454,
This is a never-ending job, so all companies need to balance time spent on securing their code with developing and making a profit.
We should expect them to do a good job, but we know that sometimes they will fail. This is why it's important to ensure security in our organisations is good and we don't simply assume that devices and technologies out of the box will protect us.
Doing a good job on software development: typical open-source developer skips on testing and documentation all the time so other developers (and companies) see how FOSS gets away with it and think "if they are getting away with non-documentation and absence of testing, why shouldn't we?" -
varelg Banned Posts: 790
This is what happens when things are made in other countries.
Even the title is laughable- foreign intervention- and coming from... CNN?! The leader in balanced reporting...
How many breaches of security that were attributed to foreign hackers were actually later proven to come from NSA itself? Which agency pressed major disk manufacturers into installing rootkits as firmware in their products? With a "watchdog" like this there's no need of foreign intervention.