Juniper Finds Backdoor In NetScreen Firewalls, Possibly Already Exposed By NSA Whistleblower In 2013

Status
Not open for further replies.

bit_user

Splendid
Herald
Is there any evidence of that? I'm not saying it didn't happen, but you should really cite evidence, when making these claims. Wild conspiracy theories are actually counterproductive, by fostering cynicism and distracting from real conspiracies and corruption.

At least in the US, tech companies are truly independent of the government, and many have upgraded their security since the Snowden revelations. In China, many of the big tech firms are state-owned enterprises, where there's a direct conflict of interest between government control and privacy.
 

dthx

Distinguished
Mar 31, 2010
183
0
18,680
0
That's exaclty why the US Govt. is forbidding US companies to acquire Huwaei network equipments. They are equipped with the wrong type of backdoors ;-)
 

toadhammer

Honorable
Nov 2, 2012
109
0
10,680
0
Is there any evidence of that? I'm not saying it didn't happen, but you should really cite evidence, when making these claims. Wild conspiracy theories are actually counterproductive, by fostering cynicism and distracting from real conspiracies and corruption.
Through personal experience, I'm willing to say it's not all just conspiracy theory. Seeing others' experience, I am not willing to be more specific.

While companies may be independent of governments, companies are not necessary averse to getting "help" to gain or close a deal.
 

bit_user

Splendid
Herald

I see what you did there, except it was Huawei that was trying to acquire US firms. You might update your joke to say the NSA won't allow it, since they want to keep their backdoors in these devices. If a Chinese state-owned-enterprise bought a US tech firm, they'd probably change all the backdoors, or at least the keys.

Speaking of which, I'm a bit skeptical that NSA is responsible for this, because their mandate includes security of US infrastructure and interests. I'd think/hope that they'd make any of their backdoors difficult to exploit by anyone else. But I'm pretty sure most backdoors used by the NSA are ones they discover - not created by them.

Anyway, I really wish (but don't expect) Juniper would say how the backdoors were added. Were they added to some open source libraries they use? Were they added by a bad employee? Or did hackers actually gain access to Juniper's source control servers and add them directly.
 

bit_user

Splendid
Herald
Many governments require backdoors in internet services (not so sure about infrastructure, since they could control that by conventional means). They're usually more secure, though. Remember, what they want is to have control, but what they don't want is for hackers to gain that control. So, a purpose-built backdoor should both be obscure and use strong security. That's why I think this was added by hackers (though they could have been working for a certain government who probably doesn't use Juniper's products).
 

toadhammer

Honorable
Nov 2, 2012
109
0
10,680
0


These black bag projects pretty much follow the way any other software development works. If there is a rush to put something in place for a particular event/operation/deadline, things get a bit rushed. The top priority isn't actually security, it's secrecy and keeping things unnoticed. Again, like anywhere else, after things are in place it's not a priority to spend more time/money on improving the security. All that matters at that point is whether it works and has the features they want.
 
Status
Not open for further replies.

ASK THE COMMUNITY