Juniper drops NSA-developed code following new backdoor revelations

Juniper Networks, which last month made the startling announcement that its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping.

The networking company said in a blog post published Friday that it will ship product releases in the next six months that remove the Dual_EC_DRBG random number generator from NetScreen firewalls. Security researchers have known since 2007 that it contains a weakness that gives knowledgeable adversaries the ability to decrypt encrypted communications that rely on the function. Documents provided by former NSA subcontractor Edward Snowden showed the weakness could be exploited by the US spy agency, The New York Times reported in 2013.

A month after the NYT report was published, Juniper officials wrote in a knowledge base article that NetScreen encryption couldn’t be subverted by the weakness because Dual_EC_DRBG wasn’t the sole source for generating the random numbers needed to ensure strong cryptography. The Juniper post said NetScreen also relied on a separate random number generator known as ANSI X.9.31 that made it infeasible to exploit the Dual_EC_DRBG weaknesses. Random number generators are a crucial ingredient in strong cryptography. Their role is similar to the shaking of dice at a craps table, and they ensure that keys contain enough entropy to make them infeasible to guess or predict.

TV Piracy Comes with Malware Most of the Time

Content security risk is usually talked about in terms of studios losing money; but there’s another cost to consider: Internet users are 28 times more likely to be infected by malware if they use content theft sites.

A RiskIQ study has uncovered that content piracy is a $70 million underground market for cyber-criminals, preying on those who don’t want to pay for things like the latest season of Game of Thrones or The Walking Dead—the two most-pirated TV shows last year. And in fact, pirated TV and movies are among the most popular types of digital bait for malware purveyors, with one out of every three content theft sites exposing users to bad code.

Further, most of that activity is also done via drive-by downloads: nearly half (45%) of the malware is delivered without requiring the user to click on anything on the site.

Global Police Join Up to Take Down Counterfeit Sites

A multi-national crackdown on piracy has seen over 37,000 websites shuttered for selling counterfeit goods in the run-up to the big Black Friday/Cyber Monday weekend.

US Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) partnered with law enforcers and industry players from 27 countries worldwide to take action.

In total, 37,479 sites were shut down with the HSI-led National Intellectual Property Rights Coordination Center co-ordinating efforts between industry members, anti-counterfeiting associations and law-enforcers to seize domains via civil and criminal action.

“This effort highlights the global commitment to take aggressive action against online piracy,” said IPR Center director Bruce Foucart.

“The IPR Center will continue to collaborate with international law enforcement and industry to protect consumers from purchasing counterfeit goods online, which could expose sensitive financial information and present a health and safety threat.”

The most popular counterfeit items sold each year include headphones, sports tops, toiletries, shoes, toys, luxury goods, mobile phones and electronics.