Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA | WIRED

Posted from WordPress for Android

1 Comment

  1. Tomi Engdahl says:

    Joseph Menn / Reuters:
    Juniper Networks will drop code tied to National Security Agency

    Juniper Networks Inc said late on Friday it would stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products.

    The Silicon Valley maker of networking gear said it would ship new versions of security software in the first half of this year to replace those that rely on numbers generated by Dual Elliptic Curve technology.

    The statement on a blog post came a day after the presentation at a Stanford University conference of research by a team of cryptographers who found that Juniper’s code had been changed in multiple ways during 2008 to enable eavesdropping on virtual private network sessions by customers.

    Last month, Sunnyvale-based Juniper said it had found and replaced two unauthorized pieces of code that allowed “back door” access, which the researchers said had appeared in 2012 and 2014.

    The 2014 back door was straightforward

    The 2012 code changed a mathematical constant in Juniper’s Netscreen products that should have allowed its author to eavesdrop

    Though the academic team looking at Juniper has not named a suspect in the 2008, 2012 or 2014 changes, 2008 was one year after veteran cryptographers raised questions about Dual Elliptic Curve.


Leave a Comment

Your email address will not be published. Required fields are marked *