Posted on 12/17/2015 7:54:53 PM PST by Utilizer
Urges customers to patch Netscreen devices immediately.
Network equipment vendor Juniper has issued an urgent security alert for its Netscreen range of enterprise firewalls, after discovering "unauthorised code" in the device operating system that allows them to be fully compromised.
According to Juniper chief information officer Bob Worrall, the code was discovered during an internal review of the ScreenOS operating system for the Netscreen firewalls.
One vulnerability could be triggered to permit an attacker to log in via Secure Shell or telnet connections, and gain administrative privileges on Netscreen firewalls.
(Excerpt) Read more at itnews.com.au ...
F’en Lovely
I would like to hear a full explanation of “unauthorized code”.
A sneaky Chinese agent added code when they weren’t looking?
A smartass US hacker managed to add some secret sauce during production?
Incompetent engineers at Juniper didn’t actually verify and validate the code the way they should have?
Ben beat me by about ten minutes. :)
http://freerepublic.com/focus/f-chat/3374004/posts
Mods, this is not an identical post but is preceded by Ben’s post so ‘your call’ to Lock, Pull, or Ignore.
Cheers!
Spookiest of all, the code shipped with the box.
That’s kind of a big “oh s#it!” for a company in their business.
And, to top it off, they are NIST compliant and certified by the Federal Government for use in all government networks.
And the secure networks of those who have business with the Government.
How’s that H1B staffing workin’ for ya?
Somebody’s got some ‘splainin’ to do.
Most of this stuff is built in China. Cisco, too.
Bet you it ends up someone at the company supplanted their income. Some third party got to them and either paid them or coerced them into putting the modified code in the build. Ultimately they are going to have to look at their build/ship process. Who had access, who actually built the release image, who had access to the image (i.e., could have replaced it).
Yes, and I’d bet a bag of crullers that there’s more than one involved. Someone had to sign off on this. And someone above that someone, I’d wager.