itwbennett writes: Security researchers and crypto experts now believe that a combination of likely malicious third-party modifications and Juniper’s own crypto failures are responsible for the recently disclosed backdoor in Juniper NetScreen firewalls. ‘To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional — you be the judge!,’ Matthew Green, a cryptographer and assistant professor at Johns Hopkins University wrote in a blog post. ‘They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road.’
Read more of this story at Slashdot.