Ever since the Renaissance began in the 15th century and set off a binge of artistic and scientific improvement, everyone has heralded new improvements every year.
We are moving into another new year, since time does not stand still for us to digest the current technology.
Johannes Gutenberg small bio at physic.org
So in 1440 we were inadvertently thrust as a society into the “new age” of enlightenment, and in one sense we will forever regret it. In 1440 Mr. Gutenberg finished a hand press and printed the “poem of the last judgement” and the Calendar of 1448. Ever since then, 567 years ago, we have been moving ever forward; admittedly, things have gotten much faster with the Internet and computers. But the people of the late 15th century did not realize what was happening until many years later. As more and more books and scientific thought started to be shared and collaborated on regularly, it changed our society forever.
Today the same thing is happening, except that when new technologies appear and are implemented you may not notice the immediate effects, especially since you may not be the one purchasing the new technology or technique. A new hacker technique due to a mistake can really change our lives without your knowledge. You may be completely oblivious, but it is still happening.
What does a Juniper hack have to do with our lives?
Network World ran a story² yesterday (Dec 20); the news was actually first posted on Juniper’s forums in the following manner:
Administrative Access (CVE-2015-7755) only affects ScreenOS 6.3.0r17 through 6.3.0r20. VPN Decryption (CVE-2015-7756) only affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
We strongly recommend that all customers update their systems and apply these patched releases with the highest priority.
POSTED BY BOB WORRALL, SVP CHIEF INFORMATION OFFICER ON DECEMBER 17, 2015
But how long was this vulnerability actually out in the wild?
Let’s find the CVE bulletin for CVE-2015-7755.
Notice the note here in the CVE:
|20151008||Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.|
So the entry date was October 8th 2015. The vulnerability has been out for over 2 months now.
And actually the backdoor was known to nation-state actors for 3 years (according to Network World FBI/DHS).
Today the Internet Storm Center has taken the unusual step of declaring a Threat Level Yellow due to Juniper’s vulnerability: isc.sans.edu³
Needless to say, if you have a Juniper router or firewall running ScreenOS 6.2 or 6.3 at one of the affected releases, you may be vulnerable to telnet/SSH access and are vulnerable to a VPN backdoor.
Just in case you missed it, the backdoor password is:
<<< %s(un='%s') = %u
You can try to log in using that password; if it works, you know you are susceptible to this issue.
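The release ranges quoted from Juniper's post above can also be checked against a device inventory without touching the devices. This is an added example, not code from Juniper or from the original post; the hostnames and version strings in the sample are constructed, and any release string with extra characters after rN is flagged for manual review rather than guessed at (an assumption of this example).

```python
import re

# Affected ranges exactly as quoted from Juniper's post on this page:
# (branch, first affected rN, last affected rN)
AFFECTED = {
    "CVE-2015-7755": [("6.3.0", 17, 20)],
    "CVE-2015-7756": [("6.2.0", 15, 18), ("6.3.0", 12, 20)],
}

# Release strings of the form 6.3.0r19; anything after the rN number is
# captured as a suffix so it can be handled separately.
VERSION_RE = re.compile(r"^\s*(\d+\.\d+\.\d+)r(\d+)(\S*)\s*$")


def parse_release(text):
    """Return (branch, release_number, suffix), or None if unparseable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    return m.group(1), int(m.group(2)), m.group(3)


def affected_cves(version):
    """Sorted CVE ids for a release, or None if the quoted ranges cannot decide."""
    parsed = parse_release(version)
    if parsed is None or parsed[2]:  # unparseable, or has a suffix
        return None
    branch, rel, _ = parsed
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(b == branch and lo <= rel <= hi for b, lo, hi in ranges))


def audit(inventory):
    """Map each hostname to 'review', 'ok' or a comma-separated CVE list."""
    report = {}
    for host, version in inventory.items():
        cves = affected_cves(version)
        report[host] = "review" if cves is None else (", ".join(cves) or "ok")
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"fw-edge-1": "6.3.0r19", "fw-branch-2": "6.3.0r14",
              "fw-lab-3": "6.2.0r16", "fw-old-4": "6.1.0r7",
              "fw-odd-5": "6.3.0r12b"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```
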
Back to my original point… We don’t realize for months that there is a new technique that could allow hackers access to our devices. In this day and age the change of technology is down to months not years, and hackers know this. The criminals are aware of the problems that new technologies can bring even if you are not aware.
What can you do besides being vigilant?
Create an atmosphere of constant improvement: set up log analysis and review your logs using better methods, preferably on a weekly basis but monthly at a minimum.
As in my previous post: http://oversitesentry.com/what-to-look-for-in-logs-hackers-being-successful/