Light Reading

Cisco, Juniper Treating Gear Against Potential Heartbleed

Dan O'Shea
4/11/2014
50%
50%

Cisco Systems and Juniper Networks are among the latest technology companies working to address potential problems related to the Heartbleed OpenSSL bug.

Both companies issued warnings about possible vulnerabilities in some of their equipment, and continue to update the lists of products that may be affected, or have received patch fixes, or have been confirmed as unaffected.

Among Cisco Systems Inc. (Nasdaq: CSCO) gear listed as "vulnerable" to the bug are Cisco's MS200X Ethernet Access Switch and its Mobility Service Engine. Meanwhile, the Cisco 7000 Nexus Series switches and UCS fabric components are among those products that have been confirmed as not vulnerable.

Juniper Networks Inc. (NYSE: JNPR)'s advisory includes its Juno OS version 13.3R1, though earlier versions of the OS are listed as not vulnerable.

Since news about the Heartbleed bug broke earlier this week, numerous companies reportedly are reviewing their products and services to size up the possible risk, so there may be more advisories to come from other telecom firms.

In addition to the actions by Cisco and Juniper, Telenor issued an advisory to customers in Norway to change passwords for their Telenor services, even though it has classified the Heartbleed threat as "low." (See Eurobites: Telenor Counters Heartbleed Threat.)

And it wouldn't be a networking issue if there wasn't some sort of virtualization angle. Check out this InformationWeek article that suggests SDN might have a solution to the kind of problems Heartbleed is posing.

— Dan O'Shea, Managing Editor, Light Reading

(15)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:48:34 PM
Re: Open source
People in accounting and middle management live in spreadsheets, however. 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:29:40 PM
Re: Open source
I still think we're not understanding each other.

The way that software that is open source is made "quality" is by a kind of tailoring.

So, think of an open source tree, not as a house, but as lumber -- or rather prefab panels.

At no point would you simply bring home material from a lumberyard, through it together and insist that you've just built a home.

So, where we disagree is on the locus and extent of expertise.

In the traditional software house, all the higher level functions such as coding and QA are internal.    In the open source model it is expected, and in some sense because of the zero cost of the software, that you will have one or more expert craftsman in your own organization to nail together the final product.   And those craftsmen are not just Lego brick assemblers, but real honest to goodness computer programmers!

 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:23:27 PM
Re: Open source
True, but that cuts both ways.

Developers don't use spreadsheets ... because most people don't use spreadsheets!

What you say?   Well, for the most part, most simply do not use spreadsheets.  The majority of computing is now done using web forms...many of which, with dynamic java, have replaced the movable functions of spreadsheets.

But it gets worse.

Of those who "use" spreadsheets, even fewer create spreadsheets...most using a travel expense spreadsheet.

Of those who create a spreasheet, most never use more than one worksheet.

Of those who use more than one worksheet in a workbook, most never build macros.

And so on...
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 5:02:23 PM
Re: Open source
Reminds me of another problem with open source: Developers are attracted to projects they themselves use. So the web browsers and IDEs are very sophsiticated, but spreadsheets are rudimentary. Because developers don't use spreasheets. That was true at one time -- I don't know if the state of open source spreadsheets has advanced. 

Good question regarding the heartbeat. Why do you need a heartbeat? If the server is down or off the network, it just doesn't respond. 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 4:59:45 PM
Re: Open source
danielcawrey - As I understand it, Certain Government Agencies are issuing unambiguous denials. But their credibility is suspect. 
brookseven
50%
50%
brookseven,
User Rank: Light Sabre
4/14/2014 | 1:19:53 PM
Re: Open source
 

I think that the truth lies somewhere in the middle here.

First off, most of the major OS projects do not willy nilly accept all submissions.  That does not mean that bad quality code never gets added, but I think putting out the notion that a guy off the street can automatically get his code in an Apache Web Server needs to get cut off right here.

Secondly, the lack of central control means that there has been challenges with the tidiness of many open source projects.  Having many brains both good and bad adding code can create all kinds of cruft.

Third, it is up to the user of an OS project to perform their QA on new OS releases.  One has to be very careful in picking up a new version from any OS stream.  We always treat the inclusion of a new OS version as equivalent to a maintenance release.

I suspect that nobody did had a regression suite for that testcase.  I know given the breadth of deployment of this code that seems unlikely.  But given the number of folks who don't retest OS once they have integrated it, I think that seems likely.

 

seven

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 12:37:43 PM
Re: Open source
I agree, but my point was elsewhere.

On one hand, the open-source community is a bustling space of experts keen to share their ideas and expertise; on the other, anyone can contribute, according to his/her (limited) skills. In my workplace I see the the full spectrum of coders/programmers, and I also see the difference: the creative ones are neither good at defensive coding, nor they have the discipline to critically evaluate their own design.

The "creative programmers" and the "good coders" generally do not overlap. Without proper control (yes, literally: control) over what is accepted in the main trunk (or an open-source project), even those considered best will participate their share of flaws and bugs.

As a wiser person said: The difference between a beginner and an expert programmer is not that the expert does not make bugs; the difference is that the expert generates bugs which are much more sophisticated and much harder to debug.

I am not advocating for the "corporate-style" control over open-source projects. But I firmly believe that following formal procedures and best practices is a must. Which is not really the case in the open-source community.

T.

PS. Regarding democracy... another quote (by W. C.): The best argument against democracy is a five-minute talk to an average voter.
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 12:16:35 PM
Re: Open source
I don't think that's quite it.

Open source -- like democracy -- requires an intelligent and aware set of users at all levels.  You can't expect to bite off a big block of code and have it be exactly what you want.  So the "corporate review" would be done (and should have been done) by a savvy IT department.

It's expected that there will be expertise at both ends of the supply chain.  That means companies that employ people with the proper skill set.   This differs from the Lego-model of programming where large software manufacturers sell pre-packaged assemblies that are guaranteed to certain degree of reliability.

Although, truth be told, if you dig deep enough, there are no real guarantees.  Any time you put all your eggs in one basket -- whether it be a runtime, or library -- you risk the danger of overleverage.

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 3:28:49 AM
Re: Open source
The difference between open-source effort and a formal corporate process is that in the former, the programmers do not have to bother with design reviews, coding rules, best practices; there are no bosses to scrutinize your work, and no annoying people from V&V filing bug reports. It's nice and cozy to code in a friendly community.

And Heartbleed bug is the result.

T.
DOShea
50%
50%
DOShea,
User Rank: Blogger
4/13/2014 | 3:48:26 PM
AT&T
After this story was published, AT&T posted this note about its own Heartbleed evaluation on its consumer blog: http://blogs.att.net/consumerblog/story/a7795231
Page 1 / 2   >   >>
Flash Poll
From The Founder
Then pick up your axe, put on your spandex trousers and get yourself down to Light Reading's Big Telecom Event (BTE). Kerrang!!!
LRTV Custom TV
Next-Generation CCAP: Cisco cBR-8 Evolved CCAP

5|5|15   |   04:49   |   (0) comments


John Chapman, Cisco's CTO of Cable Access Business Unit and Cisco Fellow, explained the innovation design of Cisco's cBR-8, the industry's first Evolved CCAP, including DOCSIS 3.1 design from ground-up, distributed CCAP with Remote PHY and path to virtualization. Cisco's cBR-8 Evolved CCAP is the platform that will last through the transitions.
LRTV Custom TV
Meeting the Demands of Bandwidth & Service Group Growth

5|1|15   |   5:35   |   (0) comments


Jorge Salinger, Comcast's Vice President of Access Architecture, explains how DOCSIS 3.1 and multi-service CCAP can meet the demands of the bandwidth and service group growth.
LRTV Custom TV
DOCSIS 3.1: Transforming Cable From Hardware-Defined Network to Software-Defined Network

4|29|15   |   03:48   |   (0) comments


John Chapman, Cisco's CTO of Cable Access Business Unit and Cisco Fellow, explains how DOCSIS 3.1 can transform cable HFC network to a more agile software-defined network.
LRTV Huawei Video Resource Center
Predicting Traffic Patterns for Quality Mobile Broadband

4|29|15   |   6:45   |   (0) comments


Accessing information ubiquitously creates complexity and creates heavy traffic onto the network, especially at large-scale events like sporting events or festivals. In this video, Huawei's Mohammad Hussain speaks to experts about how to predict traffic and improve user experience during periods of heavy traffic.
Between the CEOs
Ciena CEO: The Web-Scale Revolution

4|28|15   |   10:32   |   (3) comments


Light Reading CEO and founder Steve Saunders goes head-to-head with long-time Ciena CEO Gary Smith to discuss the impact of the web-scale players, the New IP and 'white box' networks.
LRTV Documentaries
Cox Eyes Cloud-Based Home Networks

4|27|15   |   05:30   |   (0) comments


Cox's Jeff Finkelstein explains how moving services to the cloud will let cable deliver services faster and eliminate constant hardware replacements.
LRTV Documentaries
CableLabs' Clarke Updates Cable Virtualization

4|23|15   |   05:41   |   (1) comment


Former BT exec now leading CableLabs' NFV and SDN efforts explains key role of open source and updates efforts to virtualize the home network.
LRTV Interviews
Ericsson's CTO Talks Transformation: Pt. II

4|23|15   |   08:19   |   (1) comment


In the second installment of an in-depth two-part interview, Ericsson's CTO Ulf Ewaldsson talks to Light Reading CEO and founder Steve Saunders about cultural change, network slicing and technology advances.
LRTV Interviews
Ericsson's CTO Talks Transformation: Pt. I

4|23|15   |   09:27   |   (3) comments


In the first installment of an in-depth two-part interview, Ericsson's CTO Ulf Ewaldsson talks to Light Reading CEO and founder Steve Saunders about the incredible transformation underway in the communications networking industry.
LRTV Documentaries
LTE Paves the Way for the 5G Revolution

4|20|15   |   4:20   |   (0) comments


Håkan Andersson, head of 5G product strategy of the Radio Business Unit at Ericsson, discusses the role of LTE, the US and other industry verticals in building a true 5G ecosystem.
LRTV Documentaries
The 3GPP's Road to 5G Standardization

4|17|15   |   4:43   |   (0) comments


Satoshi Nagata, chairman of the 3GPP's TSG-RAN group and a manager at NTT Docomo, explains the standardization process for 5G, as well as the biggest challenges and opportunities.
LRTV Documentaries
AlcaLu CTO Makes the Case for a New 5G Air Interface

4|16|15   |   3:54   |   (0) comments


Michael Peeters, CTO of wireless at Alcatel-Lucent, explains why 5G will require a new air interface to meet its diverse performance targets.
Upcoming Live Events
May 12, 2015, Grand Hyatt, Denver, CO
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 8, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 10, 2015, Chicago, IL
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 6, 2015, Westin Peachtree Plaza, Atlanta, GA
November 11-12, 2015, The Westin Peachtree Plaza, Atlanta, GA
All Upcoming Live Events
Infographics
A study run by Insights in Marketing and commissioned by Meredith shows the devices, channels and ways in which women are consuming content.
Hot Topics
No Service, No Problem: 5 Places That Want to Be Unconnected
Eryn Leavens, Copy Desk Editor, 5/1/2015
Cyan Says It Wasn't Starving Before Ciena Bid
Dan O'Shea, Managing Editor, 5/5/2015
Cisco's Robbins to Replace Chambers as CEO
Sarah Thomas, Editorial Operations Director, 5/4/2015
Sprint Maps Out Its Next-Generation Network
Sarah Thomas, Editorial Operations Director, 5/5/2015
Ciena's Cyan Buy: It's All About the Software
Dan O'Shea, Managing Editor, 5/4/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Light Reading CEO and founder Steve Saunders goes head-to-head with long-time Ciena CEO Gary Smith to discuss the impact of the web-scale players, the New IP and 'white box' networks.
Many leading communications companies can claim to have undergone significant periods of reinvention during their histories, but none have been through more major ...
Cats with Phones
Cinco de Mayo Click Here
Cats With Phones says Happy Cinco de Mayo. Accessorize appropriately.