Juniper Networks backdoor confirmed, password revealed, NSA suspected


#1

[Read the post]


#2

Nothing to see here folks. Just go about your business, everything is on the level.


#3

Given the moral rectitude and intellectual prowess of our legislators, I imagine this problem will get worse before it gets better. The amount of data about each of us grows every day, and powerful people are working hard to weaken the security of that data.

Frankly, I don’t see any endgame for this trend. Is the only solution learning to love Big Brother?


#4

Wow, if we needed an example of what a government-mandated backdoor would do in practice, we’ve got the absolutely perfect one. Talk about a cautionary tale. That it has impacted the US government itself is just too good. Sadly, I suspect it will go right by the people who most need to have this smack them in the face.


#5

And this is a surprise how?


#6

DNT’s BANANAGLEE and CES’s ZESTYLEAK

From the same folks who brought us Mutant Broth and Atomic Banjo, no doubt.


#7

At least for the software backdoors, we need some major innovation in visualising execution paths of computer code.

I’d suggest to get vaguely inspired with molecular modeling of large biological macromolecules, with modified rules for the “molecule” folding to separate the libraries and functions visually from the main code loops.

That could increase the speed of making sense of third-party code (or even of one’s own after a while), which is a prerequisite for finding bugs and backdoors.

Won’t be an endgame per se but could reestablish, and hold for some time, the ynamic equilibrium.

Then the AI would come to assist… and then it’d be a machine-vs-machine field…


#8

Oh you, and your dreams of reliable deterministic software :D. You think protein folding is hard, try and model all the execution paths of seven lines of JavaScript written by a nine year old.

I swear JIT compiler writers all just want to shave years off their life, with what must be insane amounts of alcohol and cigarettes.


#9

It’s not THAT difficult. When translated to bytecode or machine code, there are just few entry and exit states of every instruction. In assembler/machine code, the instruction can be “change something (or do nothing in case of a NOP) and move on to next one”, “jump somewhere”, “check a condition and either continue to the next one or jump somewhere”, “push current position and jump somewhere”, and “pop stored position and jump there”. Plus some more like HALT or IRET.

The continue-to-next and jump and conditional-jump ones are easy to map directly to molecular models visualisations. The call and return ones are more difficult but also doable.

I did not do work with actual bytecode, though, beyond designing a very simple task-specific language for scripting RGB LED transitions with a microcontroller (the compiler was written in bash). Major work with assembler I did when I was dissecting and trying-to-write-a-little computer viruses some quarter century ago, minor work on microcontrollers. Hopefully the principles did not change much since at this level (at the high-level languages there’s a lot of progress, admittedly, but it still ends up at instructions and registers)…


#10

What about the JIT compiler compiler writers? See PyPy, the interpreter writing framework with JIT compiler generation. They’ve also tried generating a secure sandbox environment for python code (almost as big a challenge I think). Definitely lots of automagic tracing of running code.


#11

Sure, but instructions and registers still don’t give you a picture that allows an operator to determine what is gonna happen, unless you run it and stress/fuzz every possible interface. Of course I was being flippant with the js comment, but I could probably get you a copy of flame and IDA and see first hand how much you want to punch things.

And that’s just user/root shit. Can you even trust your registers?

(However a molecular visualization plugin for IDA would probably make you a millionaire several times over)


#12

Any time you try and predict what non deterministic software is gonna do you have a 10% chance of becoming an alcoholic.

We have made great leaps, but when it comes to attack code written by the same dudes that know how to model attack code, it is at best a stalemate. They know the tricks that make IDA barf or lie, or exit sandboxed environments, or jump virtualized environments. This is a fundamental strength and weakness of a universal computing machine.


#13

if it’s in Juniper’s code, it begs the question, is there a similar backdoor in Cisco’s code?


#14

I am just now reading a book about Stuxnet (Kim Zetter’s Countdown to Zero Day). Pretty interesting story, probably similar to the Flame one.

I didn’t work with IDA but served penance for some coding sins (and committed some more with it) in the age of Windows 3.11 and… what the hell did I actually use? I don’t remember anymore…

So I can quite imagine the screaming.

Especially when even today the user interfaces are like looking at a table-sized map through a quarter-inch hole punched in paper that you have to slide over all the surface.

The interrupt driven routines (and other various shenanigans) will certainly screw up with this and add more complexity. (Could such code be made to look suspicious, though?)

We critically need some way to see the code flow in a multiscale way - from the keyhole way of individual instructions to the full-picture way of semitransparent ghostly structures with highlighted traces we went through and annotations pinned to the blobs that the library calls formed into with the combination of locally-attractive globally-repulsive forces between the instructions…

Alas, my 3d-graphics skills are nonexistent. :frowning: :frowning: :frowning: We need somebody who did this for games…


#15

It could be pretty fuckin’ awesome and increase an operators efficiency. Abstract concepts out so you can start with looking at shapes and structures, not instructions. (With a command shell of course :D)

If I successfully pitch this to a VC you’ll be in :imp:


#16

OK, don’t know anything about anything, but aren’t you describing a neural network? the molecular modeling bit is the folds of the brainmatter, and all those jump and push commands are like the electro-chemical signals that transmit between the distant bits of grey matter? (haven’t read thru whole thread yet, excuse if said already.)
(eta: i’m just speaking of how to model it visually, but if form follows function…)

just spitballin’, 'cause the idea sounds neat.


#17

Not exactly, but the same approach could be potentially used for visualising/simulating the connectome.

The code visualisation is getting way more complex when we consider that the memory is a highly dynamic space, with modules being loaded and unloaded (and leaving crap behind) all the time, with potentially even code overwriting other active code (the malware self-decrypting modules, or code unpackers…), which will lead to the need of some way of 4d-visualisation… And of course to see so much stuff in one’s field of vision, fairly high-res virtual reality display will have to be used. (Though development could be started on Harvard-architecture chips, with code firmly burnt in flash and fixed and relatively small set of registers and separate RAM for variables. And with off-the-shelf Oculus Rift. First aim for the lower-complexity fruit, like reverse-engineering/auditing small microcontroller firmware.)


#18

All the guys I know who write JIT compilers are about 15 to 20 years younger than me. We rotate them out every couple of years.


#19

:smiley:

/me looks at the six fuzzing engineers he manages, 2.5 of which work in JS…


#20

So the password was <<< %s(un=’%s’) = %u. That’s funny because it sounds a lot like Sun Tzu, the Chinese guy who wrote The Art of War.