Juniper Networks Updates its Software to Fix Unknown Backdoor Code
FREMONT,CA: Juniper Networks moves a step further to rectify the unauthorized code found in ScreenOS operating system for its NetScreen Firewalls by replacing the core cryptography component to further reduce any potential risk, reports Sean Michael Kerner for eWEEK.
The ScreenOS operating system makes use of Dual_EC DBRG (Dual Elliptic Curve Deterministic Random Bit Generator) and ANSI X9.31random number technologies. Juniper removes the suspicious Dual_EC DBRG random number generator from its ScreenOS operating system to remediate both the unauthorized administrative access issue, as well as the VPN (Virtual Private Network) decryption issue. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG (pseudorandom number generator) output after collecting a minimal amount of output (32 bytes). Juniper brings third party help to investigate no more unauthorized code exists in neither ScreenOS nor Junos OS.
"We remain confident that the patched releases, which use Dual_EC, remediate both the unauthorized administrative access issue, as well as the VPN decryption issue," says Worrall, Juniper Networks.
By Michael Cockrill, CIO, State of Washington
By Brett Shockley, SVP & CIO, Avaya
By Sven Gerjets, SVP-IT, DIRECTV
By Steve Moyer, VP of Storage Software Engineering, Micron...
By Michelle R. McKenna-Doyle, SVP and CIO, National Football...
By Patrick Hale, CIO, VITAS Healthcare
By Roman Trakhtenberg, CEO, Luxoft
By Julia Davis, SVP, CIO, Aflac
By Chris Westlake, VP & GM of Service,RK
By Pauly Comtois, VP DevOps, Hearst Business Media
By Yanni Charalambous, VP & CIO, Occidental Petroleum...
By Bob Brown, VP-Production & Operations, ONE World Sports
By Arthur Hu, SVP & CIO, Lenovo
By Ron Guerrier, CIO, Farmers Insurance Group, Inc.
By Scott Cardenas, CIO, City and County of Denver
By Kevin McCarron, Vice President Collaboration, Carousel...
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Christopher Frenz, AVP of Information Security,...
By Brian Drozdowicz, VP, Digital Services, Siemens...
By Les Ottolenghi, EVP and CIO, Caesars Entertainment