Juniper back door

Khannie · 22-12-2015 11:27am #1

Looks like someone (probably the NSA in fairness) has back doored Juniper devices. The password is very cleverly obfuscated to look like code.

More details here. If you use Juniper devices in your network though, you should be patching ASAP.

The password they hid in the code is:

<<< %s(un='%s') = %u, "

Sneaky, but clever. It reminds me of that annual competition to back door code sneakily. Last years winner was particularly impressive. Can't remember the details of it though. Anyone else?

syklops · 22-12-2015 11:41am

Khannie wrote: »
Looks like someone (probably the NSA in fairness) has back doored Juniper devices. The password is very cleverly obfuscated to look like code.

More details here. If you use Juniper devices in your network though, you should be patching ASAP.

The password they hid in the code is:
<<< %s(un='%s') = %u, "
Sneaky, but clever. It reminds me of that annual competition to back door code sneakily. Last years winner was particularly impressive. Can't remember the details of it though. Anyone else?

You mean the hide the backdoor contest at DefCon? Some info here

I've not found the winning entry yet though. Maybe they don't offically release them.

Tbh, its not something I ever thought abou competing in, but as you've pointed out, its just about being sneaky. Definitely something to consider for next year.

Professey Chin · 22-12-2015 11:42am

Lovely. No Juniper here but I can think of a few large agencies with sensitive data using them.

Khannie · 22-12-2015 3:44pm

syklops wrote: »

You mean the hide the backdoor contest at DefCon? Some info here

That does ring a bell. I have a feeling it was earlier in the year than defcon, but it's only a feeling. I did see the winning entry and I was *blown away* by it. I actually thought the runner up might have been just as good and possibly better. It made for a very disturbing but enjoyable read at the time. We tweeted about it so I'll see if I can dig that out.

Stuxnet · 22-12-2015 4:40pm

Excellent write up today on WIRED about it

Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA

DipStick McSwindler · 22-12-2015 4:50pm

This post has been deleted.

Khannie · 22-12-2015 5:09pm

Stuxnet wrote: »

Excellent write up today on WIRED about it

Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA

That's a good read alright. Thanks.

syklops · 23-12-2015 1:41am

IrishFeeney92 wrote: »

Oh the irony

You know what I meant.

_Tombstone_ · 25-12-2015 11:25pm

Junipers 3 year old own back door that some else made use of by some accounts.

Professey Chin · 13-01-2016 1:19pm

Keeping with the trend looks like theres an SSH one in Fortigate appliances too.

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Less risky since most would have SSH access locked down and its patched in newer versions. Seems to be more of an error then a malicious backdoor too.

syklops · 13-01-2016 1:23pm

Professey Chin wrote: »

Keeping with the trend looks like theres an SSH one in Fortigate appliances too.

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

Less risky since most would have SSH access locked down and its patched in newer versions. Seems to be more of an error then a malicious backdoor too.

News worthy of its own thread.

Professey Chin · 13-01-2016 1:24pm

Good point. Ill get moving

Juniper back door

Comments