& cplSiteName &

Cisco, Juniper Treating Gear Against Potential Heartbleed

Dan O'Shea
4/11/2014
50%
50%

Cisco Systems and Juniper Networks are among the latest technology companies working to address potential problems related to the Heartbleed OpenSSL bug.

Both companies issued warnings about possible vulnerabilities in some of their equipment, and continue to update the lists of products that may be affected, or have received patch fixes, or have been confirmed as unaffected.

Among Cisco Systems Inc. (Nasdaq: CSCO) gear listed as "vulnerable" to the bug are Cisco's MS200X Ethernet Access Switch and its Mobility Service Engine. Meanwhile, the Cisco 7000 Nexus Series switches and UCS fabric components are among those products that have been confirmed as not vulnerable.

Juniper Networks Inc. (NYSE: JNPR)'s advisory includes its Juno OS version 13.3R1, though earlier versions of the OS are listed as not vulnerable.

Since news about the Heartbleed bug broke earlier this week, numerous companies reportedly are reviewing their products and services to size up the possible risk, so there may be more advisories to come from other telecom firms.

In addition to the actions by Cisco and Juniper, Telenor issued an advisory to customers in Norway to change passwords for their Telenor services, even though it has classified the Heartbleed threat as "low." (See Eurobites: Telenor Counters Heartbleed Threat.)

And it wouldn't be a networking issue if there wasn't some sort of virtualization angle. Check out this InformationWeek article that suggests SDN might have a solution to the kind of problems Heartbleed is posing.

— Dan O'Shea, Managing Editor, Light Reading

(15)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:48:34 PM
Re: Open source
People in accounting and middle management live in spreadsheets, however. 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:29:40 PM
Re: Open source
I still think we're not understanding each other.

The way that software that is open source is made "quality" is by a kind of tailoring.

So, think of an open source tree, not as a house, but as lumber -- or rather prefab panels.

At no point would you simply bring home material from a lumberyard, through it together and insist that you've just built a home.

So, where we disagree is on the locus and extent of expertise.

In the traditional software house, all the higher level functions such as coding and QA are internal.    In the open source model it is expected, and in some sense because of the zero cost of the software, that you will have one or more expert craftsman in your own organization to nail together the final product.   And those craftsmen are not just Lego brick assemblers, but real honest to goodness computer programmers!

 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:23:27 PM
Re: Open source
True, but that cuts both ways.

Developers don't use spreadsheets ... because most people don't use spreadsheets!

What you say?   Well, for the most part, most simply do not use spreadsheets.  The majority of computing is now done using web forms...many of which, with dynamic java, have replaced the movable functions of spreadsheets.

But it gets worse.

Of those who "use" spreadsheets, even fewer create spreadsheets...most using a travel expense spreadsheet.

Of those who create a spreasheet, most never use more than one worksheet.

Of those who use more than one worksheet in a workbook, most never build macros.

And so on...
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 5:02:23 PM
Re: Open source
Reminds me of another problem with open source: Developers are attracted to projects they themselves use. So the web browsers and IDEs are very sophsiticated, but spreadsheets are rudimentary. Because developers don't use spreasheets. That was true at one time -- I don't know if the state of open source spreadsheets has advanced. 

Good question regarding the heartbeat. Why do you need a heartbeat? If the server is down or off the network, it just doesn't respond. 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 4:59:45 PM
Re: Open source
danielcawrey - As I understand it, Certain Government Agencies are issuing unambiguous denials. But their credibility is suspect. 
brookseven
50%
50%
brookseven,
User Rank: Light Sabre
4/14/2014 | 1:19:53 PM
Re: Open source
 

I think that the truth lies somewhere in the middle here.

First off, most of the major OS projects do not willy nilly accept all submissions.  That does not mean that bad quality code never gets added, but I think putting out the notion that a guy off the street can automatically get his code in an Apache Web Server needs to get cut off right here.

Secondly, the lack of central control means that there has been challenges with the tidiness of many open source projects.  Having many brains both good and bad adding code can create all kinds of cruft.

Third, it is up to the user of an OS project to perform their QA on new OS releases.  One has to be very careful in picking up a new version from any OS stream.  We always treat the inclusion of a new OS version as equivalent to a maintenance release.

I suspect that nobody did had a regression suite for that testcase.  I know given the breadth of deployment of this code that seems unlikely.  But given the number of folks who don't retest OS once they have integrated it, I think that seems likely.

 

seven

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 12:37:43 PM
Re: Open source
I agree, but my point was elsewhere.

On one hand, the open-source community is a bustling space of experts keen to share their ideas and expertise; on the other, anyone can contribute, according to his/her (limited) skills. In my workplace I see the the full spectrum of coders/programmers, and I also see the difference: the creative ones are neither good at defensive coding, nor they have the discipline to critically evaluate their own design.

The "creative programmers" and the "good coders" generally do not overlap. Without proper control (yes, literally: control) over what is accepted in the main trunk (or an open-source project), even those considered best will participate their share of flaws and bugs.

As a wiser person said: The difference between a beginner and an expert programmer is not that the expert does not make bugs; the difference is that the expert generates bugs which are much more sophisticated and much harder to debug.

I am not advocating for the "corporate-style" control over open-source projects. But I firmly believe that following formal procedures and best practices is a must. Which is not really the case in the open-source community.

T.

PS. Regarding democracy... another quote (by W. C.): The best argument against democracy is a five-minute talk to an average voter.
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 12:16:35 PM
Re: Open source
I don't think that's quite it.

Open source -- like democracy -- requires an intelligent and aware set of users at all levels.  You can't expect to bite off a big block of code and have it be exactly what you want.  So the "corporate review" would be done (and should have been done) by a savvy IT department.

It's expected that there will be expertise at both ends of the supply chain.  That means companies that employ people with the proper skill set.   This differs from the Lego-model of programming where large software manufacturers sell pre-packaged assemblies that are guaranteed to certain degree of reliability.

Although, truth be told, if you dig deep enough, there are no real guarantees.  Any time you put all your eggs in one basket -- whether it be a runtime, or library -- you risk the danger of overleverage.

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 3:28:49 AM
Re: Open source
The difference between open-source effort and a formal corporate process is that in the former, the programmers do not have to bother with design reviews, coding rules, best practices; there are no bosses to scrutinize your work, and no annoying people from V&V filing bug reports. It's nice and cozy to code in a friendly community.

And Heartbleed bug is the result.

T.
DOShea
50%
50%
DOShea,
User Rank: Blogger
4/13/2014 | 3:48:26 PM
AT&T
After this story was published, AT&T posted this note about its own Heartbleed evaluation on its consumer blog: http://blogs.att.net/consumerblog/story/a7795231
Page 1 / 2   >   >>
From The Founder
Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
Women in Comms Introduction Videos
Cisco: Mentoring Critical to Attract & Retain Women

7|19|17   |   6:40   |   (1) comment


Liz Centoni, senior vice president and general manager of Cisco's Computing System Product Group, shares why mentoring in all its forms is important for women and what Cisco is doing that's made a difference for women in tech.
LRTV Custom TV
Gigabit LTE With Snapdragon 835

7|12|17   |     |   (1) comment


At an event in Wembley stadium, EE used its live network to demonstrate gigabit LTE using a Sony Xperia XZ Premium smartphone with a Qualcomm Snapdragon 835 chip.
LRTV Custom TV
Implementing Machine Intelligence With Guavus

7|12|17   |     |   (0) comments


Guavus unites big data and machine intelligence, enabling many of the the largest service providers in the world to save money and drive measureable revenue. Learn how applying Machine Intelligence substantially reduces operational costs and in many cases can eliminate subscriber impact, meaning a better subscriber experience and higher NPS.
LRTV Custom TV
Unlocking Customer Experience Insights With Machine Intelligence

7|12|17   |     |   (0) comments


When used to analyze operational data and to drive operational decisions, machine intelligence reduces the number of tasks which require human intervention. Guavus invested in Machine Intelligence early. Learn about the difference between Machine Learning and Machine Intelligence.
Women in Comms Introduction Videos
Verizon VP Talks Network, Career Planning

7|12|17   |   4:49   |   (0) comments


Heidi Hemmer, vice president of Technology, Strategy & Planning at Verizon, shares how bold bets and the future of tech define her career.
Telecom Innovators Video Showcase
Masergy's NFV Journey

7|11|17   |     |   (0) comments


Ray Watson, vice president of global technology at Masergy, discusses the advantages and challenges in entering the still-maturing NFV market for the past three years.
Telecom Innovators Video Showcase
Mavenir on RCS Cloud Platform & Multi-ID

7|10|17   |     |   (0) comments


Guillaume Le Mener, head of marketing and corporate development at Mavenir, discussed RCS and the recent launch of Multi-ID, which supports T-Mobile's DIGITS, the revolutionary new technology that breaks down the limitation of one number per phone and one phone per number.
LRTV Custom TV
ADTRAN Executive Outlines Trends in Next-Generation 10-Gigabit Cable Networks

7|10|17   |     |   (0) comments


Hossam Salib, VP of Cable and Wireless Strategy at ADTRAN, outlines key trends as MSOs begin to deploy next-generation Gigabit and 10-Gigabit cable networks. In the interview, Hossam outlines the advantages of a Fiber Deep architecture, FTTH options including EPON and RFoG, and the importance of SDN and NFV in building next-generation high-bandwidth cable networks.
LRTV Interviews
Global Capacity: Bandwidth Demand Driving Ethernet Growth

7|6|17   |   6:37   |   (0) comments


At Light Reading's Big Communications Event in Austin, Texas, Global Capacity's VP of Marketing Mary Stanhope talks about how the demand for bandwidth is changing the way service providers deliver broadband services.
LRTV Interviews
Colt's Services Chief on Digital Delivery

7|5|17   |   16:12   |   (0) comments


Rogier Bronsgeest, the chief customer experience officer (chief CEO!) at Colt, discusses the way in which the service provider interacts with its customers these days and his aggressive net promoter score (NPS) targets.
Women in Comms Introduction Videos
BT VP: Women Should Fill Security Talent Gap

7|5|17   |   6:00   |   (2) comments


By 2020 there will be six security jobs for every qualified worker, and Kate Kuehn, vice president of Security for BT in the Americas, says BT wants to encourage women to fill the shortage in jobs.
LRTV Interviews
Colt Sales Exec on Services Trends

7|4|17   |   12:59   |   (0) comments


Colt's sales director for enterprise, James Kershaw, sheds some light on the services currently in demand and how network upgrades are influencing customer demand.
Upcoming Live Events
September 28, 2017, Denver, CO
October 18, 2017, Colorado Convention Center - Denver, CO
November 1, 2017, The Royal Garden Hotel
November 1, 2017, The Montcalm Marble Arch
November 2, 2017, 8 Northumberland Avenue, London, UK
November 30, 2017, The Westin Times Square
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Mobile to Power Online Video Consumption – Zenith
Aditya Kishore, Practice Leader, Video Transformation, Telco Transformation, 7/19/2017
Can Mushroom Sprout in Crowded SD-WAN Field?
Carol Wilson, Editor-at-large, 7/18/2017
AI Will Be Ubiquitous in 2020 but Overhyped in 2017 – Gartner
Sarah Thomas, Director, Women in Comms, 7/18/2017
Facing the Facebook Video Threat
Gary Miles, Chief Marketing Officer, Amdocs, 7/17/2017
The Finger-Lickin' Fone: A Plucky Effort?
Ray Le Maistre, International Group Editor, 7/14/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
Animals with Phones
Fuzzy Quick Fix Click Here
If you can't access it, is it really broken?
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.