Juniper Networks Updates its Software to Fix Unknown Backdoor Code
FREMONT,CA: Juniper Networks moves a step further to rectify the unauthorized code found in ScreenOS operating system for its NetScreen Firewalls by replacing the core cryptography component to further reduce any potential risk, reports Sean Michael Kerner for eWEEK.
The ScreenOS operating system makes use of Dual_EC DBRG (Dual Elliptic Curve Deterministic Random Bit Generator) and ANSI X9.31random number technologies. Juniper removes the suspicious Dual_EC DBRG random number generator from its ScreenOS operating system to remediate both the unauthorized administrative access issue, as well as the VPN (Virtual Private Network) decryption issue. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG (pseudorandom number generator) output after collecting a minimal amount of output (32 bytes). Juniper brings third party help to investigate no more unauthorized code exists in neither ScreenOS nor Junos OS.
"We remain confident that the patched releases, which use Dual_EC, remediate both the unauthorized administrative access issue, as well as the VPN decryption issue," says Worrall, Juniper Networks.
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Dave Doyle, CIO & SVP, IT, Regal Entertainment Group
By Sergey Cherkasov, CIO, PhosAgro
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Mike Fitton, Wireless Business Unit Director, Altera
By Jim Kaskade, VP and GM, Big Data & Analytics, CSC
By Thomas Musgrave, EVP & CIO, AmeriCold Logistics
By Vin Sharma, Director, Strategic Planning & Marketing, Big...
By Federico Flórez, Chief Information & Innovation Officer,...
By Barbara Adams, VP, Innovative Technology Solutions, Texas...
By John Mason, CIO, Bottomline Technologies
By Jamshid Khazenie, CTO, USA Today Network / Gannett
By Miguel Gamino, CIO & Executive Director-Department of...
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Tom Bressie, Vice President, Oracle Cloud
By John Landwehr, Public Sector CTO, Adobe
By Aaron Gette, CIO, The Bay Club Company
By Denise Zabawski, CIO, Nationwide Children's Hospital
By Amit Bahree, Executive, Global Technology and Innovation,...