US Government Data May Be Exposed Due to Security Flaws Added: Friday, December 25th, 2015
Category: Recent Headlines Involving File Sharing > Current Events
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, www.extratorrent.cc, 2015
Undiscovered security flaws in a widely used corporate VPN software provided by Juniper Networks could have exposed sensitive data to foreign governments or criminal groups. The flaws were active for three years, and so far it remains unknown how the source code was altered, and whether it was the work of an external source or someone within the company.
Security experts found out that the flaws were in the form of unauthorized code discovered during a recent internal code review and announced on 17 December. One of them could have allowed hackers to decrypt data passing through Juniper’s devices, including equipment for a secure network. In other words, data that the VPN user thought was protected may have been spied on for the last three years.
According to reports, the FBI is also investigating the matter, which could be the work of a foreign government. Perhaps, the hack took advantage of weaknesses in the password encryption algorithm that were reportedly engineered by the NSA.
Juniper Networks announced that the company discovered unauthorized code in ScreenOS that could allow a third party to gain administrative access to NetScreen devices and to decrypt VPN connections. The company immediately developed and issued patched releases for the latest versions of ScreenOS, pointing out that so far no reports of these flaws being exploited have been received. Nevertheless, the company advised all its customers to update their systems and apply the patched releases.
Affected customers will potentially see an entry in the log file suggesting that “system” had logged in, and then see a password authentication. On the other hand, skilled hackers could be able to hide all traces of a login, so it is actually impossible to detect that the flaw was exploited.
Friday, December 25th, 2015
|"discovered during a recent internal code review"|
it is a LIE ,the fault was discovered by EXTERNAL security hackers , in fact TWO flaws were discovered.
This tells you that Juniper has NO formal code verification or security systems in their company, nor are they correctly using code repositories.
GIT for example prevents any code changes without a clear audit trail.
Most Popular Stories