Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-21 Thread Doug Barton
https://www.schneier.com/blog/archives/2015/12/back_door_in_ju.html

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-21 Thread Stephane Bortzmeyer
On Fri, Dec 18, 2015 at 09:28:11AM +0100, Stephane Bortzmeyer wrote a message of 6 lines which said:
> http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
The password for the first backdoor (the one regarding telnet/SSH access) has been p

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
Yes. He's backing off a bit on the claim, since he doesn't have full context.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Sent from from a handheld; please excuse tyops
> On Dec 18, 2015, at 12:27 PM, Royce Williams wrote:
>
>> On Fri, Dec 18, 2015 at 8:03 AM, Steven M. Bellovin
>> w

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Royce Williams
On Fri, Dec 18, 2015 at 8:03 AM, Steven M. Bellovin wrote:
> On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote:
>
>> On 18 Dec 2015, at 7:28, Dave Taht wrote:
>>
>>> I think "unauthorized code" is still plausible newspeak for "bug".
>>>
>>> Why blame finger foo when you can blame terrorists?
>>

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote:
> On 18 Dec 2015, at 7:28, Dave Taht wrote:
>
>> I think "unauthorized code" is still plausible newspeak for "bug".
>>
>> Why blame finger foo when you can blame terrorists?
>
> It looks like two different holes, one a back door for unauthorize

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
On 18 Dec 2015, at 7:28, Dave Taht wrote:
> I think "unauthorized code" is still plausible newspeak for "bug".
>
> Why blame finger foo when you can blame terrorists?
It looks like two different holes, one a back door for unauthorized console login and one to somehow leak VPN encryption keys.

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread A . L . M . Buxey
Hi,
> > Should we blame Juniper for letting a git repository open to
> > "unauthorized code" or should we congratulate them for their frankness
> > (few corporations would have admitted the problem)?
'un-authorized' - not authorized. this could be code/idea by some/one engineer for eg debugging

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Dave Taht
I think "unauthorized code" is still plausible newspeak for "bug". Why blame finger foo when you can blame terrorists?

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Karsten Thomann
On Friday, 18 December 2015, 09:28:11, Stephane Bortzmeyer wrote:
> http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
> https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
>
> Should we blame Junip

[CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Stephane Bortzmeyer
http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
Should we blame Juniper for letting a git repository open to "unauthorized code" or should we congratulate