No unauthorized code has been found yet but the review continues Cisco Systems has launched an internal code review following Juniper’s disclosure last week of unauthorized spying code found in its enterprise firewall products. So far, “we have no indication of unauthorized code in our products,” wrote Anthony Grieco, senior director of Cisco’s Security and Trust Organization, in a blog post Monday. The code review was initiated by Cisco and not the result of contact by law enforcement, Grieco wrote. Juniper said on Thursday an internal audit uncovered code that could allow secret remote access and also compromise encrypted VPN connections. The code was found in some versions of an operating system called ScreenOS that powers firewall devices. Juniper is investigating but has not commented so far on how it suspects the code was inserted. The company’s forthright admission has been met with praise but with hopes more details are released. Juniper’s problem is the latest in a string of issues that have affected major networking vendors, whose routers and firewalls have deep access to an organization’s Internet traffic. The devices are pivotal points to launch spying campaigns. Documents leaked by former NSA contractor Edward Snowden in 2013 showed how Western intelligence agencies have sought to compromise equipment made by Juniper, Huawei and Cisco. Grieco wrote that Cisco’s development practices prohibit the insertion of “backdoors” in its products. Backdoors allow covert access, such as undocumented account credentials, covert communication channels or undocumented traffic diversion tools. No indicators similar to those discovered by Juniper have been found in Cisco’s code, Grieco wrote. Cisco’s processes include penetration testing and code reviews by networking and cryptography engineers, he wrote. “Although our normal practices should detect unauthorized software, we recognize that no process can eliminate all risk,” Grieco wrote. Since the Snowden documents became public, Cisco has put significant effort into debunking suspicions that it willingly worked with spy agencies such as the NSA. In May 2014, Cisco’s then-CEO John Chambers sent a letter to President Obama in May 2014, warning that spying operations that interfered with its equipment “undermine confidence in our industry.” Huawei has been shut out of major business in countries such as the U.S. and Australia over unfounded beliefs it works with Chinese intelligence agencies. Related content analysis Kyndryl bolsters its Bridge infrastructure services Kyndryl is using AI to expand its integration services for on-premise and cloud environments, adding to its range of security, mainframe modernization, and AI-readiness services. By Michael Cooney May 14, 2024 7 mins Cloud Computing Networking how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux news High-bandwidth memory nearly sold out until 2026 While it might be tempting to blame Nvidia for the shortage of HBM, it’s not alone in driving high-performance computing and demand for the memory HPC requires. By Andy Patrizio May 13, 2024 3 mins CPUs and Processors High-Performance Computing Data Center opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe