NetScreen Technologies: Difference between revisions

Tags: Mobile edit Mobile web edit Advanced mobile edit
m 2015 "unauthorized code" incident: fix common MOS:REFSPACE spacing errors, replaced: /ref> <ref → /ref><ref
Line 42:
Analysis of the [[firmware]] code in 2015 showed that a backdoor [[Key (cryptography)|key]] could exist using [[Dual_EC_DRBG]]. This would enable whoever held that key to passively decrypt traffic [[encrypted]] by ScreenOS.<ref name="wired-secret-code-in-junipers-firewalls">{{cite magazine | url=https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors | title=Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | author=Kim Zetter | magazine=Wired | publisher=wired.com | language=English | date=2015-12-18 | accessdate=2017-01-05}}</ref>
 
In December 2015, Juniper Systems announced that they had discovered "unauthorized code" in the ScreenOS software that underlies their NetScreen devices, present from 2012 onwards. There were two vulnerabilities: One was a simple [[root password]] [[Backdoor (computing)|backdoor]], and the other one was changing a point in Dual_EC_DRBG so that the attackers presumably had the key to use the pre-existing (intentional or unintentional) [[kleptographic]] backdoor in ScreenOS to passively decrypt traffic.<ref>{{Cite web|url=http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html|title=On the Juniper backdoor|date=22 December 2015}}</ref> <ref>{{Cite web|url=https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html?guccounter=2|title=Juniper Breach Mystery Starts to Clear with New Details on Hackers and U.S. Role|date=2 September 2021 }}</ref>
 
==References==
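Review bot: In the paragraph under "Line 42:" that begins "In December 2015", the two citations after "passively decrypt traffic." still read `</ref> <ref>` with a space between them. That is the pattern the edit summary says it replaces with `/ref><ref`, so confirm the saved revision has them adjacent. The second citation also has a stray space before its closing braces (`2 September 2021 }}`), which could be tidied in the same pass. Separately, that paragraph names the vendor as "Juniper Systems" while the Wired citation URL in the preceding paragraph reads "juniper-networks"; the name should be checked against the cited sources in a follow-up edit.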