Networking Equipment Makers Scramble to Patch Heartbleed

It's not just websites that are vulnerable to Heartbleed. The OpenSSL encryption library at the heart of the massive Internet bug is in use in other places, too, including network hardware such as routers and switches.

Networking vendors Cisco, Juniper Networks, F5 Networks and Fortigate have all issued security alerts, disclosing that some of their products are affected by Heartbleed.

Cisco and Juniper both acknowledge that a range of products, including routers, firewalls and switches, are affected. Although most of these products are focused on corporate environments, some more consumer-oriented products could also be at risk.

As website administrators scramble to patch their apps and servers, IT and security admins are likewise trying to ascertain the potential vulnerabilities for network hardware.

In some cases, having vulnerable hardware could be just as bad as having unpatched servers, or worse. With the right type of access and attack strategy, hackers could use the Heartbleed vulnerability to infiltrate a broader network.

Updates available by vendor

Mashable is trying to compile a list of companies that have issued security advisories or updates to their products.

The vast majority of these products are aimed at the enterprise level, not regular consumers or small businesses, but we'll add more information as we get it from various vendors.

Synology
NAS maker Synology has confirmed to Mashable that the software powering its devices is vulnerable.

The company is issuing an update on April 11 to address these problems.

Users of DiskStation and RackStation products running DSM 5.0 and DSM 4.3 should apply DSM 5.0-4458 Update 2 via the Control Panel. Users should also renew their SSL certificates.

Users of DiskStation or RackStation products running DSM 4.2 can expect a patch next week.

Cisco
Cisco is currently investigating its product line for affected products and will issue free software updates that address the vulnerabilities.

F5 Networks
F5 Networks says that some of its virtual servers with a specific SSL profile are vulnerable. Management interfaces are also vulnerable.

The company has noted versions known not to be vulnerable on its website, and customers can upgrade to these versions.

Juniper Networks
Juniper Networks has posted a list of vulnerable, not vulnerable and under-investigation products. It is working on providing fixed versions of code for its products as well as workaround solutions.

FortiGuard
FortiGuard has issued a firmware update for its FortiOS. Firmware updates for FortiAuthenticator, FortiMail and FortiRecorder will be available on April 11. Firmware release dates for other products are pending.

Various workarounds are also available on the FortiGuard site.

Open-source router firmware

From what we can tell, most major consumer routers are not affected by Heartbleed. If you use the DD-WRT or OpenWRT open source router firmware packages, however, the version of OpenSSL on your device may be vulnerable.

DD-WRT — A popular open source router firmware, DD-WRT has been patched. See that forum thread for more information.

OpenWRT — The current version of OpenWRT has been updated with the latest OpenSSL fixes.

This could take time

A Juniper spokesperson told The Wall Street Journal that patching all of these products could take some time, saying, "It doesn't sound like a flip-the-switch sort of thing."

As for how many devices are potentially at risk, it's too soon to say. Security researcher Bruce Schneier told Mashable that he didn't know the scope of the threat, but "many [devices] are vulnerable and unpatched."

Mashable will continue to investigate the potential threat to consumer devices, including routers and cable modems. If you run across any additional updates or disclosures, please let us know.

Source: http://mashable.com
