Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: phranque
Juniper has announced that it has found two critical security vulnerabilities in Screen OS. The first would allow an attacker to decrypt VPN traffic and leave no trace of their actions, while the second allows complete compromise of a device via an unauthorised remote access vulnerability over SSH or telnet. Juniper Discovers VPN Decryption Code: Patch Your Systems Now [zdnet.com]
Juniper: recording some Twitter conversations (19 Dec 2015)
Again, assuming this hypothesis is correct then, if it wasn't the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place.