That’s not good

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Juniper manufactures many of the big routers that run the Internet. This means someone hacked them to crack virtual private networks. VPNs are commonly used by businesses to secure their network connections over the Internet, freedomistas, folks accessing geo-limited web sites, and… well, basically anyone who wants privacy. Think getting past the Great Firewall of China.

My money is on the NSA, where I expect heads are rolling. We know they’ve altered code in Cisco routers.

Kudos to Juniper for announcing this and releasing the patch.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s