In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing the Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.
But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.
Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.
Juniper Networks will drop code tied to National Security Agency
(via Naked Capitalism)