nanog mailing list archives
Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Fri, 18 Dec 2015 12:32:50 -0500
Yes. He's backing off a bit on the claim, since he doesn't have full context. --Steve Bellovin, https://www.cs.columbia.edu/~smb Sent from from a handheld; please excuse tyops
On Dec 18, 2015, at 12:27 PM, Royce Williams <royce () techsolvency com> wrote:On Fri, Dec 18, 2015 at 8:03 AM, Steven M. Bellovin <smb () cs columbia edu> wrote:On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote:On 18 Dec 2015, at 7:28, Dave Taht wrote: I think "unauthorized code" is still plausible newspeak for "bug". Why blame finger foo when you can blame terrorists?It looks like two different holes, one a back door for unauthorized console login and one to somehow leak VPN encryption keys. There are hints that that latter involved tinkering with certain constants in the crypto (https://twitter.com/matthew_d_green/status/677871004354371584); that would squarely point the finger at some government's intelligence agency. I don't know who did it, but neither 'bug' nor 'developer debugging code' sounds plausible here.https://twitter.com/sweis/status/677896363070259200That tweet got deleted, apparently to redraft/correct; is this the equivalent? https://twitter.com/sweis/status/677897914643976193 https://gist.github.com/hdm/107614ea292e856faa81#file-ssg500-6-3-0r12-0-diff-L16 Royce
Current thread:
- [CVE-2015-7755] Backdoor in Juniper/ScreenOS Stephane Bortzmeyer (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Karsten Thomann (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Dave Taht (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Steven M. Bellovin (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Steven M. Bellovin (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Royce Williams (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Steven M. Bellovin (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Dave Taht (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Karsten Thomann (Dec 18)