January 2, 2016
In December, everyone was starkly reminded of the dangers posed by backdoors in security products: Juniper Networks, a massive company that creates popular networking equipment, found “unauthorized” code in its ScreenOS software which would allow an attacker to take total control of Juniper NetScreen firewalls, or even, with enough resources, passively decrypt VPN traffic.
In response, Juniper released a patch, and advised customers to immediately update their systems. According to a “Cyber Alert” document obtained by Motherboard, the US Department of Defense (DoD) urged a slew of contractors to do the same.
A few days after the backdoor news broke, the Defense Security Service (DSS) sent out the alert detailing the problems found in Juniper’s products. The DSS is a part of the DoD, and, amongst other things, supervises industrial security and provides security education.