[AusNOG] Juniper ScreenOS backdoor
James Andrewartha
trs80 at ucc.gu.uwa.edu.au
Fri Dec 25 23:02:20 EST 2015
On Wed, 23 Dec 2015, Jonathan Thorpe wrote:
> Some interesting analysis for anyone who has been following this:
> https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor
>
> Apparently Cisco is now reviewing their own code as a result:
> http://blogs.cisco.com/security/update-for-customers
>
> Which begs the question… shouldn’t this be happening already, especially for network equipment – let alone security appliances?
Well, Cisco already did inspect the ASA platform two years ago for
tampering in the BIOS, OS and applications but came up empty.
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel
--
# TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best |
[ "There's nobody getting rich writing ]| -- Collect and hide your |
[ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux #231 /
More information about the AusNOG
mailing list