[j-nsp] juniper hack news

Chris Cappuccio chris at nmedia.net
Sat Dec 26 17:21:38 EST 2015


Hugo Slabbert [hugo at slabnet.com] wrote:
> 
> Am I missing something that indicates this is known to affect Junos as well?
>

I just gave you a link to a formal NSA/GCHQ "TOP SECRET" documentation -- from
2011 -- which says they are DOING IT. It only takes NSA ~90 days to develop
a new vulnerability in this class of software.

I think the best we can hope is that Juniper was privately informed and has
quietly patched any JunOS vulnerabilities.

Juniper has a lot of international business to lose from public
vulnerabilities in core Internet infrastructure. Cisco already took a large
hit.

I don't know what else to say. Anyone who thinks that the NSA did not develop
this capability in 2011 needs to read. Anyone who thinks NSA can't develop
this capability again (once their old vulnerabilities are burned) does not
understand the class of this attacker.


More information about the juniper-nsp mailing list