Juniper Backdoor Only Possible Because Of NSA's Own 'Dual EC' Backdoor, Say Security Experts

[Lucian Armasu]

Security experts discovered that the recent VPN backdoor in Juniper Networks' own firewall operating system was a slightly modified NSA backdoor that already existed in the system, and Juniper has refused to eliminate it so far.

Juniper Backdoor Only Possible Because Of NSA's Own 'Dual EC' Backdoor, Say Security Experts : Read more

 

[fimbulvinter]

Appreciate your security articles. This is good info to know.

 

[therealduckofdeath]

The NSA; breaking down democracy a little bit more every day.
"Let's steal everyone's data"
"Let's leave the internet full of security holes"

 

[Effex]

Thank you for this informative article. Until now, I wasn't aware that Juniper was in league with he NSA to spy on people. That is unfortunate.

 

[jeremy2020]

Truly unfortunate. Best thing to do is replace Juniper hardware as soon as possible.

 

[Darkk]

"We have already asked Juniper Networks twice if there has been any cooperation between the company and the NSA regarding the use of the Dual EC algorithm, but so far it has refused to answer this question. "

This basically confirms the existence of backdoors for NSA to snoop on their customers.

I was actually looking into replacing our firewalls and networking equipment with Juniper. Now with this being brought into the light I will have to find another vendor.

Sorry Juniper. Should have stood your ground to protect your customers. This is going to cost you dearly.

 

[KenZen2B]

Why is it that those that have purchased Juniper Networks products are not pursuing Juniper Networks for full refunds on ALL equipment ?

Not pursuing refunds just lets Juniper Networks get away it.

 

[thor220]

Good luck holding these guys accountable for anything. The budget bill that was just signed last week had many laws that had nothing to do with the budget attached. Included in there was a law that allows companies to freely share information with the government and be free of any and all liability for such an action. In otherwords, companies and the government may freely violate American citizen's rights (well, even more) and of course anyone who's data happens to pass over our servers.

It's no wonder no one wants to do business with american IT firms. There's a 100% chance you are being watched, sentient or otherwise.

 

[KenZen2B]

Good luck holding these guys accountable for anything. The budget bill that was just signed last week had many laws that had nothing to do with the budget attached. Included in there was a law that allows companies to freely share information with the government and be free of any and all liability for such an action. In otherwords, companies and the government may freely violate American citizen's rights (well, even more) and of course anyone who's data happens to pass over our servers.

It's no wonder no one wants to do business with american IT firms. There's a 100% chance you are being watched, sentient or otherwise.

Companies sharing data with government agencies is one thing, but putting in back doors that can be hacked is totally a different case.

 

[knight_of_baawa]

But...but....but....WE HAZ 2 B SAFE FRUM T3H MUZLIMZ! How can we be safe from them unless we let our respective governments spy on us all the time? How can we be safe unless we are constantly monitored???? We must be watched all the time OR T3H MUZLIMZ WILL WIN!!!

 

[firefoxx04]

First the government wants to hold companies responsible for data breaches.. and then they want back doors installed... which will cause more breaches.

politicians are so stupid.

 

[phredie]

here is a more comprehensive explanation of the Juniper problem. It is not only the use of the DEC_PRNG ...

http://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/

 

[dE_logics]

I hope the same isn't true for AES.