Wired reports:
Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper's devices.
The researchers' findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the company's source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.
Evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of Comsecuris, a security consultancy in Germany, suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes. Weinmann reported his findings in an extensive post published late Monday.
Previously on SN: "Unauthorized Code" in Juniper Firewalls Decrypts Encrypted VPN Traffic.
(Score: 2) by martyb on Sunday January 03 2016, @01:25PM
Parent comment stated:
NOTE: The update referenced in the parent comment comes from: Some Analysis of the Backdoored Backdoor [rpw.sh] "The Article"; to wit:
There are two pseudo-random number generators under discussion here: the Dual_EC DRBG and the ANSI X9.31 PRNG. The story claims that the Dual_EC one was backdoored.
The Article references Juniper's knowledge base article KB28205 [juniper.net] which states:
So, even if Dual_EC were backdoored, its being used to feed into the ANSI one would render the backdoor ineffective: the output would be random based on the output of the ANSI code.
The Update suggests that this is NOT the case, that after the first iteration through the loop, a global variable is set which renders the ANSI code ineffectual. In other words, a backdoor in the Dual_EC code WOULD manifest; the ANSI code would not be an effective mitigation.
The foregoing is based entirely on what I read in the linked articles. IANAC (I Am Not A Cryptographer). Feedback and corrections welcome.
Wit is intellect, dancing.
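The failure mode described in the comment above, as an added example that is not part of the original comment or of Juniper's code: a simplified C model of a two-stage generator in which a stale shared global index turns the second-stage loop into a no-op, so first-stage output reaches the caller unchanged. All names, the reseed mechanism and both stand-in generators (which are neither Dual_EC nor ANSI X9.31) are assumptions of this example; `leaks_stage1` is the kind of self-test that catches the bypass.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model; every name here is hypothetical, not vendor code. */
#define OUT_LEN 32
static uint8_t  out_buf[OUT_LEN];            /* shared output buffer */
static unsigned buf_pos;                     /* shared global index */
static uint32_t stage1_state = 0x12345678u;  /* constructed seed */

/* Stand-in for the first-stage generator (an LCG, NOT real Dual_EC). */
static uint8_t stage1_byte(void) {
    stage1_state = stage1_state * 1664525u + 1013904223u;
    return (uint8_t)(stage1_state >> 24);
}

/* Stand-in for the second stage (NOT real ANSI X9.31); mask is never zero. */
static uint8_t stage2_byte(uint8_t in, unsigned i) {
    return (uint8_t)(in ^ (0x5Au + i));
}

/* Fill the buffer from stage 1; the shared index ends at OUT_LEN. */
static void reseed(uint8_t raw_copy[OUT_LEN]) {
    for (buf_pos = 0; buf_pos < OUT_LEN; buf_pos++)
        out_buf[buf_pos] = stage1_byte();
    memcpy(raw_copy, out_buf, OUT_LEN);
}

/* Without the reset, the stage-2 loop starts at the stale index and never
   runs, so the caller receives raw stage-1 bytes. */
static void generate(int reset_index, uint8_t raw_copy[OUT_LEN]) {
    reseed(raw_copy);
    if (reset_index) buf_pos = 0;
    for (; buf_pos < OUT_LEN; buf_pos++)
        out_buf[buf_pos] = stage2_byte(out_buf[buf_pos], buf_pos);
}

/* Self-test: 1 if the final output is byte-identical to stage-1 output. */
int leaks_stage1(int reset_index) {
    uint8_t raw[OUT_LEN];
    generate(reset_index, raw);
    return memcmp(raw, out_buf, OUT_LEN) == 0;
}

int main(void) {
    printf("stale index: leaks=%d\n", leaks_stage1(0));
    printf("index reset: leaks=%d\n", leaks_stage1(1));
    return 0;
}
```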