Content deleted Content added
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.3) (Whoop whoop pull up - 13005 |
Citation bot (talk | contribs) Add: date. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 517/1152 |
||
Line 41:
Analysis of the firmware code in 2015 showed that a backdoor key could exist using [[Dual_EC_DRBG]]. This would enable whoever held that key to passively decrypt traffic encrypted by ScreenOS.<ref name="wired-secret-code-in-junipers-firewalls">{{cite magazine | url=https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors | title=Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | author=Kim Zetter | magazine=Wired | publisher=wired.com | language=English | date=2015-12-18 | accessdate=2017-01-05}}</ref>
In December 2015, Juniper Systems announced that they had discovered "unauthorized code" in the ScreenOS software that underlies their NetScreen devices, present from 2012 onwards. There were two vulnerabilities: One was a simple root password backdoor, and the other one was changing a point in Dual_EC_DRBG so that the attackers presumably had the key to use the pre-existing (intentional or unintentional) [[kleptographic]] backdoor in ScreenOS to passively decrypt traffic.<ref>{{Cite web|url=http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html|title=On the Juniper backdoor|date=22 December 2015}}</ref> <ref>{{Cite web|url=https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html?guccounter=2|title=Juniper Breach Mystery Starts to Clear with New Details on Hackers and U.S. Role|date=2 September 2021 }}</ref>
==References==
| |||