Vendors address the Heartbleed bug
Posted on 11 April 2014.
Which products and services are affected by the Heartbleed bug in OpenSSL? Vendors have started issuing security advisories telling users which of their products are safe and which will have to be updates.

Cisco has shared that over a dozen of its products and 2 of its services vere found to be vulnerable.

The services - Ciscoís Registered Envelope Service and Webex Messenger Service - have already been patched, but the products, which include the company's IOS XE operating system, have yet to be fixed. And, the list might yet turn out to be incomplete, as the investigation is still ongoing.

"A subset of Juniperís products were affected by the Heartbleed vulnerability including certain versions of our SSL VPN software, which presents the most critical concern for customers. We issued a patch for our SSL VPN product on Tuesday and are working around the clock to provide patched versions of code for our other affected products," Juniper Networks' spokesperson has revealed, and urged customers to contact Juniperís Customer Support Center for detailed advisories and product updates.

Microsoft has assured users that most Microsoftís offerings are not vulnerable, including all Windows operating systems and IIS versions.

"Customers running software on Windows that uses OpenSSL instead of SChannel [Window's own encryption component](for example, running the Windows version of Apache), may be vulnerable. We recommend that all customers who may be vulnerable follow the guidance from their software distribution provider," they added.

Many other vendors have issued advisories detailing temporary results of their investigation regarding the affect of the bug on their products. You can find most of them linked here (check out both the post and the comments) and here.

We can look forward to a lot of security patching in the coming weeks and months, and when it comes to Internet of Things devices, it's possible that even years will pass until the patches are released (if ever).





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //