1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Heartbleed flaw found in Cisco, Juniper Networking products

Discussion in 'News & Current Events' started by allheart55 (Cindy E), Apr 11, 2014.

  1. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,617
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    Some of Cisco Systems and Juniper Networks' networking products are susceptible to the Heartbleed Internet-security flaw, the companies said.

    The vulnerability, which was recently discovered by researchers at Google, affects the routers, switches and security firewalls used by individuals and companies, the two manufacturers said in statements Thursday.
    Heartbleed prompted security experts to urge consumers to change their Web passwords to prevent hackers from gaining access to user names, passwords and other sensitive information. While OpenSSL runs on as many as two-thirds of all active websites, many large consumer sites aren't vulnerable to being exploited because they use specialized encryption equipment and software, according to Google's researchers.

    "Everybody has to patch in the ecosystem," said Robert Hansen, a specialist in Web application security who is vice president of the advanced technologies group of WhiteHat Security Inc. "Everybody that they rely on for business continuity, for security, needs to be as secure as they are."

    Cisco said it would tell customers when software patches for its affected products are available. Juniper offered some upgrades to fix the issue.

    Banks and other financial institutions should take steps to patch their computer systems as soon as possible to prevent attacks that exploit the vulnerability, U.S. agencies said today.

    The Federal Financial Institutions Examination Council, made up of representatives from the Federal Reserve Board of Governors, the Consumer Financial Protection Bureau and other regulators, said systems that operate a widely used encryption technology called OpenSSL are at risk of being hacked.

    Financial Risks

    "The vulnerability could allow an attacker to potentially access a server's private cryptographic keys compromising the security of the server and its users," the council said in a statement Thursday. "Attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email, or gain access to internal networks."

    JPMorgan Chase, the largest U.S. bank, doesn't use the vulnerable software and user information hasn't been exposed, the New York-based company said in a statement Wednesday. Tests on the home pages of other large technology, e-commerce and banking companies including Microsoft, Amazon.com and Bank of America indicated they weren't vulnerable.

    Beyond banks, the vast majority of large institutions whose networks were susceptible have applied the fix, Hansen said.



    Read More:
    http://www.mercurynews.com/business...-flaw-found-cisco-juniper-networking-products
     
    allheart55 (Cindy E), Apr 11, 2014
    #1
  3. redwing

    redwing Registered Members

    Joined:
    Aug 1, 2010
    Messages:
    528
    Location:
    Canada
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    HP
    Thanks Cindy, this is worrisome.
     
    redwing, Apr 11, 2014
    #2
: heartbleed, Cisco, Juniper

Share This Page