ng telnet/SSH
access) has been published recently:
https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor
Shodan finds 26000 ScreenOS machines reachable from the Internet. It
will be a small botnet :-)
https://www.schneier.com/blog/archives/2015/12/back_door_in_ju.html
http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
https://kb.juniper.net/InfoCenter/index?page=content=JSA10713=SIRT_1=LIST
Should we blame Juniper for letting a git repository open to
"unauthorized code" or should we congratulate them for
On Friday, 18 December 2015, 09:28:11, Stephane Bortzmeyer wrote:
> http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
>
> https://kb.juniper.net/InfoCenter/index?page=content=JSA10713=SIRT_1=LIST
>
> Should we blame Juniper for
I think "unauthorized code" is still plausible newspeak for "bug".
Why blame finger foo when you can blame terrorists?
Hi,
> > Should we blame Juniper for letting a git repository open to
> > "unauthorized code" or should we congratulate them for their frankness
> > (few corporations would have admitted the problem)?
'un-authorized' - not authorized.
this could be code/idea by some/one engineer for eg debugging
Yes. He's backing off a bit on the claim, since he doesn't have full context.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Sent from from a handheld; please excuse tyops
> On Dec 18, 2015, at 12:27 PM, Royce Williams wrote:
>
>> On Fri, Dec 18, 2015 at 8:03 AM,
On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote:
> On 18 Dec 2015, at 7:28, Dave Taht wrote:
>
>> I think "unauthorized code" is still plausible newspeak for "bug".
>>
>> Why blame finger foo when you can blame terrorists?
>
> It looks like two different holes, one a back door for
On Fri, Dec 18, 2015 at 8:03 AM, Steven M. Bellovin
wrote:
> On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote:
>
>> On 18 Dec 2015, at 7:28, Dave Taht wrote:
>>
>>> I think "unauthorized code" is still plausible newspeak for "bug".
>>>
>>> Why blame finger foo when you
On 18 Dec 2015, at 7:28, Dave Taht wrote:
> I think "unauthorized code" is still plausible newspeak for "bug".
>
> Why blame finger foo when you can blame terrorists?
It looks like two different holes, one a back door for unauthorized
console login and one to somehow leak VPN encryption keys.