Dailydave mailing list archives
Re: Cyber Norms and the Juniper backdoor
From: Darkpassenger <darkpassenger () unseen is>
Date: Sun, 20 Dec 2015 06:25:22 -0800
let me point out that you are mixing two whole different area of decision making here -- Cyber Policy and Warfare Strategy . dont know anything about Juniper shit , but , your stress on "legal" behavior norm of usg is the root of the evil in your point of view . osint on sensible data out there simply proves usg and allies have been doing very shady jobs when there is strategic value in a move whether it is legal or not -- whatever we call the law . same thing could be realized from other players -- .ru .cn .ir although Stuxnet is still on some headlines i am going to take you way too much back -- 1982 . take a look at book "at the abyss" or here [1] for a more offensive reference to the incident . us army fcked with ussr through Canadian fronts to hurt the reds by exploiting natural gas pipes and a high ranking officer confesses that usg messed with a commercial product for warfare advantages . so i'd say it would be pretty close to usg's norm to do stuff of this same nature . Regards -dp1 : slide 7 , https://cryptome.org/2015/10/parastoo-no-bullshit-attack.pdf
On 2015-12-18 06:24, Dave Aitel wrote:
Recently Juniper announced they had two professional backdoors in their ScreenOS productline - one which allowed remote admin access and one which allowed for passive collection on VPN connections.Twitter has, of course, exploded and many people are pointing at the NSA or US Government as the culprits. *But nothing could be further from thetruth.* The USG could not legally covertly trojan the source code of a US company. And when the US trojans something, "Nobody but US" is theclear rule. I mean, "Nobody but US" is the only way to build a backdoor,in any case. But the US is a stickler for it, and other countries are not. The Cisco interdiction pictures Snowden leaked are a clearindicator of our policy in this area: specificity when it comes to targets.More than that though, the US needs to stand up and declare from a policy perspective what the norm here is. Is trojaning a mass marketproduct as out of bounds as the kinds of attacks that hit Sony Pictures?If so, what are the consequences? Keep in mind an attack like this could devastate Juniper's market value. Imagine if we found out Microsoft Windows had been backdoored by the Chinese. Is that acceptable? Are we willing to say that we won't trojan Huawei routers? What WILL and WON'T we do in the future? We need to be clear about this. We should probably stop talking about export control for exploits for awhile and start developing a real and public cyber policy, if we want to succeed at our goals of a safer, more trustworthy Internet. If we ask for legal backdoors in products, people are going to put illegal backdoors in them and there's nothing we can say about it. :( -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Cyber Norms and the Juniper backdoor Dave Aitel (Dec 18)
- Re: Cyber Norms and the Juniper backdoor Arrigo Triulzi (Dec 18)
- Re: Cyber Norms and the Juniper backdoor Darkpassenger (Dec 20)