After the incident of the 18th of December, people got confused and became sceptical about their networks.
A backdoor was installed in (or, in other words, was already in) ScreenOS. Nowadays the same backdoor, in a different way, is still an issue. But this time it is in there intentionally (at least, now I am pretty sure).
Let's look at the lifecycle of a vulnerability disclosure:
When a vulnerability is found, it is first escalated to the companies that are vulnerable to it. They then decide on a lifespan for the fix: two weeks, one month, six months or more... Then the fix is made and everything is patched. They make a disclosure saying "Sorry bruh, we had a lil problem and fixed it, here is your firmware (software, or sometimes even hardware)." and that is it.
During this lifecycle nobody knows about the vulnerability until the "Sorry bruh" arrives, because of the principle that disclosure comes after the patch. Let's go back to our vulnerability: for this specific one, the disclosure was made after the patch, as usual. But the impact was pretty large.
If we want to briefly describe what the vulnerability is...
With <<< %s(un='%s') = %u as the password for root on a ScreenOS device (ScreenOS is installed on firewall hardware used by millions), you can gain access to the firewall's abilities, decrypt traffic, route between subnets and more...
And they fixed it... (kinda...)
Let's take a look at the current situation after all.
Here is what I have found after they fixed it:
- A branch of a big mall in Turkey...
- Yet another branch of the same big mall in Turkey...
- A big software company in the Netherlands
The weird thing is that this vulnerability was discovered long ago by a Dutch company. Google it...
And you can find loads of proof across the web that the vulnerability still exists... But we are sceptical from now on... Let's look at the tweets:
Hmmm. It took @foxit 6 hours to find the password for the ssh/telnet backdoor in the vulnerable Juniper firewalls. Patch now — Ronald Prins (@cryptoron) December 18, 2015
Patched now! It is patched! Yes! Hell yeah! So why am I still in the network of a Turkish mall, a Dutch software company or an English university? Just tell me why. Some of those with vulnerable firewalls installed are still customers of the firewall manufacturer and of those security company/companies. And it won't end. This will never end.
Nothing is secure anymore. I couldn't blame either the manufacturer or the security companies behind this incident.
We should blame ourselves. Why are we not making our own hardware? Why don't we make it without corporatization? Why are we not standing against selling it and spreading the blueprints instead? Who wants to live in a world that is observed by people?
Lately one of my friends told me:
"I broke my razor. And I want to buy a new one. I haven't searched. But when I sat in front of the computer, the ads were related to razors. And I just said WTF?"
Yes, please say it. Unless we make our tools ourselves, this will never end. We will always be sceptical. However, there is a way to do it... Make an alliance. Make an open source distribution, not a distribution which is open source and backed by a company. Make it perfect and get it installed. Force manufacturers to abandon their ships by doing something like this. Development may take months, maybe years, but what can be more disturbing than being watched by a Big Bro?
Long story short: we are in dystopia. We should crawl to get out of it.
That is all I wanted to say...
Thanks for all the 🐟 .