Networking gear allowed snooping, manufacturer says

Another important lesson in always making sure to use trusted network equipment manufacturers was learned recently when a well-known vendor announced it had a major security flaw.

Juniper Networks, a provider of networking equipment and solutions, put out an advisory that warned its Junos Operating System had a serious flaw in the way it handled certificates.

The flaw allowed self-signed certificates to verify identities on a VPN, according to an ArsTechnica report. So as long as a devices certificate name matched a valid certificate, it was treated as valid … even if it was a hacker who signed the certificate him or herself.

According to Juniper, the flaw was discovered before any known uses of it were used in attacks.

This kind of snooping on protected information is another example of why it’s so important to keep firmware and networking equipment up-to-date and patched.

And it’s also on top of another major security announcement by the vendor that encrypted traffic was sometimes decrypted as it passed through a VPN by unauthorized code discovered in its firewall products.

So the biggest takeaway may be to make sure you’re only dealing with trusted vendors. Too many little slip ups or delayed fixes could be putting systems at serious risk.