What are the current security measures in firewall OSes, and where are we now?


After the incident of the 18th of December, people got confused and became sceptical about their networks.

https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

A backdoor is installed in (or, in other words, was already in) ScreenOS. Nowadays the same backdoor, in a different way, is still an issue. But this time it is intentionally in there (at least now I am pretty sure).

Let's look at the lifecycle of a vulnerability disclosure:

When a vulnerability is found, it is first escalated to the companies that are vulnerable to it. After that they decide on a lifespan for the fix: two weeks, one month, six months or more... Then the fix is made and everything is patched. They make a disclosure saying "Sorry bruh, we had a lil problem and fixed it, here is your firmware (software or sometimes even hardware)." and that is it.

During this lifecycle nobody knows about the vulnerability until the "Sorry bruh" arrives, because of the disclosure-comes-after-patch principle. Let's go back to our vulnerability: for this specific vulnerability, disclosure was made after the patch, as usual. But the impact was pretty large.

If we want to briefly describe what the vulnerability is...

Using <<< %s(un='%s') = %u as the password for root on a ScreenOS device (which is installed on firewall hardware used by millions), you can gain access to the firewall's abilities, decrypt traffic, route between subnets and more...

And they fixed it... (kinda...)

Let's take a look at the current situation after all that.
Here is what I have found after they fixed it:

  • A branch of a big mall in Turkey...


  • Yet another branch of the same big mall in Turkey...


  • A big software company in the Netherlands


The weird thing is that this vulnerability was discovered long ago by a Dutch company. Google it...

And you can find loads of proof across the web that the vulnerability still exists... But we are sceptical from now on... Let's look at the tweets:

Patched now! It is patched! Yes! Hell yeah! So why am I still in the network of a Turkish mall, a Dutch software company or an English university? Just tell me why. Some of those with vulnerable firewalls installed are still customers of the firewall manufacturer and those security company/companies. And it won't end. This will never end.

Nothing is secure anymore. I couldn't blame both the manufacturer and the security companies behind this incident.
We should blame ourselves. Why are we not making our own hardware? Why don't we make it without corporatization? Why are we not standing against selling it and spreading the blueprints instead? Who wants to live in a world that is observed by people?

Lately one of my friends told me:

I broke my razor. And I wanted to buy a new one. I hadn't searched. But when I sat in front of the computer, the ads were related to razors. And I just said WTF?

Yes, please say it. Unless we make our tools ourselves, this will never end. We will always be sceptical. However, there is a way to do it... Make an alliance. Make an open source distribution, not a distribution which is open source and backed by a company. Make it perfect and get it installed. Force manufacturers to abandon their ships by doing something like this. Development may take months, maybe years, but what can be more disturbing than being watched by a Big Bro?

Long story short: we are in a dystopia. We should crawl to get out of it.
That is all I wanted to say...
Thanks for all the 🐟 .
