Monday, December 21, 2015

Who put the backdoors in the Juniper's firewalls?

"Rapid7 has discovered a master password in one of the Juniper's firewalls backdoors. We hope it´ll soon appear an exploit on Metasploit. Patch now". This warning runs today in the cybersecurity neighbourhood on Twitter. The last Friday we warned about this serious problem and it has worsened during the weekend. We'll talk about this, and the warning made by Edward Snowden regard to Telegram, the approval of the CISA law in the Unite States and a new code to warn about legal problems in a website.

If this Friday we talked about a backdoor in Juniper devices, leader in corporate firewalls market, today we know there are two: one of them allows decoding VPN and the other one opens SSH to the attackers. Also, the company Rapid7 has discovered a password that would allow to open easily the SSH connections. Who put it there? Juniper denied it, while a lot of people remember a secret file unveiled by Snowden where he showed a NSA tool to put backdoors in Juniper's firewall. Was it the NSA? Or another government, who advantaged the hole made by the NSA?

Be careful with Telegram

Talking about Snowden, we link to another new which has marked the weekend: according to the ex-employee of the NSA, the messaging system Telegram would have serious and dangerous defects, among them we highlight that "through the Telegram server or the Internet provider is possible to obtain access to non encrypted texts of the communications, regardless if it's saved or not". The announcement of Snowden has been followed by declarations of reputed experts on cybersecurity saying Snowden is right.

CISA is approved

We go from Russia, where Telegram comes, to the Unite States where the last Friday was approved the polemic Cybersecurity Law (CISA), that allows to private companies to share with the governments their clients data bases without the appropriate security and privacy measures, according to the CISA detractors. The law was approved camouflaged in a package with nothing in common with it.


Without leaving the legal context, we finish with a proposal of the Internet Engineering Task Force to make the websites closed for legal problem show their own HTTP: "451 Unavailable For Legal Reasons".

We hope this website never shows such title!


Post a Comment