Vendors address the Heartbleed bug
Posted on 11 April 2014.
Which products and services are affected by the Heartbleed bug in OpenSSL? Vendors have started issuing security advisories telling users which of their products are safe and which will have to be updates.

Cisco has shared that over a dozen of its products and 2 of its services vere found to be vulnerable.

The services - Ciscoís Registered Envelope Service and Webex Messenger Service - have already been patched, but the products, which include the company's IOS XE operating system, have yet to be fixed. And, the list might yet turn out to be incomplete, as the investigation is still ongoing.

"A subset of Juniperís products were affected by the Heartbleed vulnerability including certain versions of our SSL VPN software, which presents the most critical concern for customers. We issued a patch for our SSL VPN product on Tuesday and are working around the clock to provide patched versions of code for our other affected products," Juniper Networks' spokesperson has revealed, and urged customers to contact Juniperís Customer Support Center for detailed advisories and product updates.

Microsoft has assured users that most Microsoftís offerings are not vulnerable, including all Windows operating systems and IIS versions.

"Customers running software on Windows that uses OpenSSL instead of SChannel [Window's own encryption component](for example, running the Windows version of Apache), may be vulnerable. We recommend that all customers who may be vulnerable follow the guidance from their software distribution provider," they added.

Many other vendors have issued advisories detailing temporary results of their investigation regarding the affect of the bug on their products. You can find most of them linked here (check out both the post and the comments) and here.

We can look forward to a lot of security patching in the coming weeks and months, and when it comes to Internet of Things devices, it's possible that even years will pass until the patches are released (if ever).


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Dec 17th