Skip to main content

Juniper, Citrix and Fortinet

No, this is not about the famous Donovan song.

Most of this list was compiled by M. Jennings:

NSA Helped British Spies Find Security Holes In Juniper Firewalls [theintercept.com] Quote: "... British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks..."

Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors [wired.com] Quote: "This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire."

New Discovery Around Juniper Backdoor Raises More Questions About the Company [wired.com] Quote: "Juniper added the insecure algorithm to its software long after the more secure one was already in it, raising questions about why the company would have knowingly undermined an already secure system."

Juniper 'fesses up to TWO attacks from 'unauthorised code' [theregister.co.uk]

'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS [theregister.co.uk] Quote: "And it may have been there since 2008, making this a late contender for FAIL of the year."

How to log into any backdoored Juniper firewall -- hard-coded password published [theregister.co.uk]

Juniper promises to fix ScreenOS cryptography ... eventually [infoworld.com]

Listen up, FBI: Juniper code shows the problem with backdoors [infoworld.com] Quote: "FBI director James Comey should be taking notes: The Juniper debacle shows why security experts are up in arms over government-ordered backdoors."

Another quote from that article:

"Cryptographic backdoors are one of the best ways for attackers to break into systems. '[The backdoors] take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes,' Green said.

And ditto for Fortinet [arstechnica.com], the Deep Packet Inspection filter company, who also thought it wise to install a SSH server with a hard coded password.

 Not to be outdone, Citrix also makes products with the same stupidity and a fixed password of Citrix123.

It is amazing that Fortinet, Citrix, Juniper and its spawn Pulse Secure, are still doing business. The only explanation is that literally nobody cares about security and only pays lip service to it.

GIGO: Garbage In, Garbage Out...

Herman
Labels:

Comments

Post a Comment

On topic comments are welcome. Junk will be deleted.

Popular posts from this blog

Parasitic Quadrifilar Helical Antenna

This article was reprinted in OSCAR News, March 2018:  http://www.amsat-uk.org If you want to receive Satellite Weather Pictures , then you need a decent antenna, otherwise you will receive more noise than picture. For polar orbit satellites, one needs an antenna with a mushroom shaped radiation pattern .  It needs to have strong gain towards the horizon where the satellites are distant, less gain upwards where they are close and as little as possible downwards, which would be wasted and a source of noise.  Most satellites are spin stabilized and therefore the antenna also needs circular polarization, otherwise the received signal will flutter as the antennas rotate through nulls. The helical antenna, first proposed by Kraus in 1948, is the natural solution to circular polarized satellite communications.  It is a simple twisted wire - there seems to be nothing to it.  Various papers have been published on helix antennas, so the operation is pretty well understood. Therefore,
Post a Comment
Read more

Weather Satellite Turnstile Antennas for the 2 meter Band

NEC2, 2 m band, 146 MHz, Yagi Turnstile Simulation and Build This article describes a Turnstile Antenna for the 2 meter band, 146 MHz amateur satcom, 137 MHz NOAA and Russian Meteor weather satellites.  Weather satellite reception is described here .  A quadrifilar helical antenna is described here .   Engineering, is the art of making what you need,  from what you can get. Radiation Pattern of the Three Element Yagi-Uda Antenna Once one combine and cross two Yagis, the pattern becomes distinctly twisted. The right hand polarization actually becomes visible in the radiation pattern plot, which I found really cool. Radiation Pattern of Six Element Turnstile Antenna Only a true RF Geek can appreciate the twisted invisible inner beauty of a herring bone antenna... Six Element Turnstile Antenna Essentially, it is three crosses on a stick.  The driven elements are broken in the middle at the drive points.  The other elements can go straight throug
Post a Comment
Read more

Patch Antenna Design with NEC2

The older free Numerical Electromagnetic Code version 2 (NEC2) from Lawrence Livermore Lab assumes an air dielectric.  This makes it hard (but not impossible) for a radio amateur to experiment with Printed Circuit Board Patch antennas and micro strip lines. Air Spaced Patch Antenna Radiation Pattern You could use the free ASAP simulation program , which handles thin dielectrics, you could shell out a few hundred Dollars for a copy of NEC4 , You could buy GEMACS if you live in the USA, or you could add distributed capacitors to a NEC2 model with LD cards (hook up one capacitor in the middle of each element.), but that is far too much money/trouble for most. More information on driving an array antenna can be found here: https://www.aeronetworks.ca/2019/03/driving-quad-patch-array-antenna.htm l Air Dielectric Patch   The obvious lazy solution is to accept the limitation and make an air dielectric patch antenna. An advantage of using air dielectric, is that the antenn
3 comments
Read more