The Juniper VPN Backdoor: Buggy Code With a Dose of Shady NSA Crypto

itwbennett writes: Security researchers and crypto experts now believe that a combination of likely malicious third-party modifications and Juniper's own crypto failures are responsible for the recently disclosed backdoor in Juniper NetScreen firewalls. 'To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional — you be the judge!,' Matthew Green, a cryptographer and assistant professor at Johns Hopkins University wrote in a blog post. 'They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road.'

Re:Explaining to your Foxnewser Uncle at Xmas dinn

[mikael]

The US government does that with suitcases. You now get to buy suitcases that have a three digit combination lock, as well as a special DHS lock that bypasses that combination lock.