Light Reading

Cisco, Juniper Treating Gear Against Potential Heartbleed

Dan O'Shea
4/11/2014
50%
50%

Cisco Systems and Juniper Networks are among the latest technology companies working to address potential problems related to the Heartbleed OpenSSL bug.

Both companies issued warnings about possible vulnerabilities in some of their equipment, and continue to update the lists of products that may be affected, or have received patch fixes, or have been confirmed as unaffected.

Among Cisco Systems Inc. (Nasdaq: CSCO) gear listed as "vulnerable" to the bug are Cisco's MS200X Ethernet Access Switch and its Mobility Service Engine. Meanwhile, the Cisco 7000 Nexus Series switches and UCS fabric components are among those products that have been confirmed as not vulnerable.

Juniper Networks Inc. (NYSE: JNPR)'s advisory includes its Juno OS version 13.3R1, though earlier versions of the OS are listed as not vulnerable.

Since news about the Heartbleed bug broke earlier this week, numerous companies reportedly are reviewing their products and services to size up the possible risk, so there may be more advisories to come from other telecom firms.

In addition to the actions by Cisco and Juniper, Telenor issued an advisory to customers in Norway to change passwords for their Telenor services, even though it has classified the Heartbleed threat as "low." (See Eurobites: Telenor Counters Heartbleed Threat.)

And it wouldn't be a networking issue if there wasn't some sort of virtualization angle. Check out this InformationWeek article that suggests SDN might have a solution to the kind of problems Heartbleed is posing.

— Dan O'Shea, Managing Editor, Light Reading

(15)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:48:34 PM
Re: Open source
People in accounting and middle management live in spreadsheets, however. 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:29:40 PM
Re: Open source
I still think we're not understanding each other.

The way that software that is open source is made "quality" is by a kind of tailoring.

So, think of an open source tree, not as a house, but as lumber -- or rather prefab panels.

At no point would you simply bring home material from a lumberyard, through it together and insist that you've just built a home.

So, where we disagree is on the locus and extent of expertise.

In the traditional software house, all the higher level functions such as coding and QA are internal.    In the open source model it is expected, and in some sense because of the zero cost of the software, that you will have one or more expert craftsman in your own organization to nail together the final product.   And those craftsmen are not just Lego brick assemblers, but real honest to goodness computer programmers!

 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:23:27 PM
Re: Open source
True, but that cuts both ways.

Developers don't use spreadsheets ... because most people don't use spreadsheets!

What you say?   Well, for the most part, most simply do not use spreadsheets.  The majority of computing is now done using web forms...many of which, with dynamic java, have replaced the movable functions of spreadsheets.

But it gets worse.

Of those who "use" spreadsheets, even fewer create spreadsheets...most using a travel expense spreadsheet.

Of those who create a spreasheet, most never use more than one worksheet.

Of those who use more than one worksheet in a workbook, most never build macros.

And so on...
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 5:02:23 PM
Re: Open source
Reminds me of another problem with open source: Developers are attracted to projects they themselves use. So the web browsers and IDEs are very sophsiticated, but spreadsheets are rudimentary. Because developers don't use spreasheets. That was true at one time -- I don't know if the state of open source spreadsheets has advanced. 

Good question regarding the heartbeat. Why do you need a heartbeat? If the server is down or off the network, it just doesn't respond. 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 4:59:45 PM
Re: Open source
danielcawrey - As I understand it, Certain Government Agencies are issuing unambiguous denials. But their credibility is suspect. 
brookseven
50%
50%
brookseven,
User Rank: Light Sabre
4/14/2014 | 1:19:53 PM
Re: Open source
 

I think that the truth lies somewhere in the middle here.

First off, most of the major OS projects do not willy nilly accept all submissions.  That does not mean that bad quality code never gets added, but I think putting out the notion that a guy off the street can automatically get his code in an Apache Web Server needs to get cut off right here.

Secondly, the lack of central control means that there has been challenges with the tidiness of many open source projects.  Having many brains both good and bad adding code can create all kinds of cruft.

Third, it is up to the user of an OS project to perform their QA on new OS releases.  One has to be very careful in picking up a new version from any OS stream.  We always treat the inclusion of a new OS version as equivalent to a maintenance release.

I suspect that nobody did had a regression suite for that testcase.  I know given the breadth of deployment of this code that seems unlikely.  But given the number of folks who don't retest OS once they have integrated it, I think that seems likely.

 

seven

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 12:37:43 PM
Re: Open source
I agree, but my point was elsewhere.

On one hand, the open-source community is a bustling space of experts keen to share their ideas and expertise; on the other, anyone can contribute, according to his/her (limited) skills. In my workplace I see the the full spectrum of coders/programmers, and I also see the difference: the creative ones are neither good at defensive coding, nor they have the discipline to critically evaluate their own design.

The "creative programmers" and the "good coders" generally do not overlap. Without proper control (yes, literally: control) over what is accepted in the main trunk (or an open-source project), even those considered best will participate their share of flaws and bugs.

As a wiser person said: The difference between a beginner and an expert programmer is not that the expert does not make bugs; the difference is that the expert generates bugs which are much more sophisticated and much harder to debug.

I am not advocating for the "corporate-style" control over open-source projects. But I firmly believe that following formal procedures and best practices is a must. Which is not really the case in the open-source community.

T.

PS. Regarding democracy... another quote (by W. C.): The best argument against democracy is a five-minute talk to an average voter.
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 12:16:35 PM
Re: Open source
I don't think that's quite it.

Open source -- like democracy -- requires an intelligent and aware set of users at all levels.  You can't expect to bite off a big block of code and have it be exactly what you want.  So the "corporate review" would be done (and should have been done) by a savvy IT department.

It's expected that there will be expertise at both ends of the supply chain.  That means companies that employ people with the proper skill set.   This differs from the Lego-model of programming where large software manufacturers sell pre-packaged assemblies that are guaranteed to certain degree of reliability.

Although, truth be told, if you dig deep enough, there are no real guarantees.  Any time you put all your eggs in one basket -- whether it be a runtime, or library -- you risk the danger of overleverage.

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 3:28:49 AM
Re: Open source
The difference between open-source effort and a formal corporate process is that in the former, the programmers do not have to bother with design reviews, coding rules, best practices; there are no bosses to scrutinize your work, and no annoying people from V&V filing bug reports. It's nice and cozy to code in a friendly community.

And Heartbleed bug is the result.

T.
DOShea
50%
50%
DOShea,
User Rank: Blogger
4/13/2014 | 3:48:26 PM
AT&T
After this story was published, AT&T posted this note about its own Heartbleed evaluation on its consumer blog: http://blogs.att.net/consumerblog/story/a7795231
Page 1 / 2   >   >>
Flash Poll
From The Founder
The New IP is actually bigger even than business. Like another hugely important tech that Light Reading is digging into right now, the New IP has the potential to change the world by fundamentally advancing what it is possible for people to achieve with communications.
LRTV Huawei Video Resource Center
Huawei Shares Its Vision of the Future of Mobile Networks Innovations

2|26|15   |   2:30   |   (0) comments


Mobile broadband is changing our lives. It's reshaping the Internet, industry, and society. It allows us to freely connect with one another anytime, anywhere. At this year's Mobile World Congress, Huawei will share its latest insights and newest ideas and technologies that will shape the future of MBB. They will showcase their end-to-end MBB solutions that will ...
LRTV Huawei Video Resource Center
Accelerate Digitizing, Boost Digital Business

2|26|15   |   6:14   |   (0) comments


A new digital revolution is leading us to a better connected world. Together with millions of digital partners, Huawei will help CSPs to build their digital service ecosystem and aggregate a wide variety of digital services. In this video, we find out how Huawei is going to help CSPs implement digital operations.
LRTV Huawei Video Resource Center
The Secret Recipe to Enabling Hyper-Growth Industries

2|26|15   |   3:38   |   (0) comments


With a number of successful cases on network capability exposure, Huawei is going to share the secret recipe to enabling hyper-growth markets with a step-by-step approach.
LRTV Documentaries
BTE 2015 Is Bigger & Even Better

2|25|15   |   03:13   |   (2) comments


This year's Big Telecom Event (BTE) in Chicago is going to provide more opportunities than ever for networking, getting to grips with key industry challenges and opportunities and, equally as important, having some fun.
LRTV Interviews
Light Reading ICT Leaders Roundtable at MWC 2015

2|12|15   |   1:07   |   (2) comments


On Sunday March 1, 2015, Light Reading will host an ICT Leaders Roundtable in partnership with Huawei. At this half-day event, CIOs, analysts and researchers will discuss key industry trends like virtualization in the cloud with a specific focus on new business models. Located at the luxurious Renaissance Hotel near the Fira Barcelona, space is limited so please ...
LRTV Documentaries
Going Green in 2015

2|12|15   |   02:04   |   (0) comments


Energy efficiency is set to be an incredibly hot topic in the telecom industry this year.
LRTV Custom TV
SDN & NFV: Where Are We Going From Here?

2|11|15   |   11:27   |   (0) comments


Vitesse Semiconductor CTO Martin Nuss gives his perspective on why SDN and NFV should be tightly interconnected and how he sees the industry moving forward.
LRTV Documentaries
Time for Gigabit Europe?

2|9|15   |   01:27   |   (4) comments


Gigabit broadband networks are springing up all around the US and they'll soon become more commonplace in Europe.
LRTV Interviews
Brocade Brings New IP Vision to 2020 Vision Executive Summit

2|3|15   |   4:23   |   (0) comments


In December 2014, Light Reading gathered telecom executives in Reykjavik, Iceland to discuss their vision for high-capacity networks through the end of the decade. The intimate, interactive meeting was set against the backdrop of Iceland's spectacular natural beauty. As one of the event's founding sponsors, Brocade's Kelly Herrell shared his company's strategy at ...
LRTV Interviews
Brocade's Kelly Herrell on the New IP

2|2|15   |   12:36   |   (0) comments


In December 2014, Steve Saunders sat down with Brocade VP of Software Networking Kelly Herrell at Light Reading's 2020 Vision executive summit in Reykjavik, Iceland. They spoke about Brocade's approach to the New IP, the future of the telecom industry, and more.
LRTV Huawei Video Resource Center
Dr. Dong Sun Talks About Carriers' Digital Transformation & Huawei’s Telco OS

1|29|15   |   6:28   |   (0) comments


Dr. Dong Sun, Chief Architect of Digital Transformation Solutions at Huawei, discusses how telecom operators can become digital ecosystem enablers and deliver optimal user experiences that are in real-time, on-demand, all-online, DIY and social (ROADS).
LRTV Huawei Video Resource Center
Huawei's Chief Network Architect Talks about Network Experience & Operators’ Strategies

1|29|15   |   3:39   |   (0) comments


In the digital age, network experience has become the primary productivity especially for telecom operators. In this video, Wenshuan Dang, Huawei’s Chief Network Architect, discusses how carriers can tackle the challenge of infrastructure complexity in order to enhance business agility and improve user experience.
Upcoming Live Events
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 12, 2015, Grand Hyatt, Denver, CO
All Upcoming Live Events
Infographics
Net neutrality, broadband services and the current outlook on data consumption, as presented by the New Jersey Institute of Technology.
Hot Topics
10 Weirdly Useful IoT Devices
Eryn Leavens, Copy Desk Editor, 2/24/2015
Cyber Security Expert Warns: You're Doing It Wrong
Sarah Thomas, Editorial Operations Director, 2/23/2015
Small Cells Enabling Location Services
Sarah Thomas, Editorial Operations Director, 2/25/2015
Is FCC Weighing Net Neutrality Changes?
Mari Silbey, Independent Technology Editor, 2/25/2015
MWC: Let the Madness Begin
Ray Le Maistre, Editor-in-chief, 2/23/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Check out Light Reading's interview with Jay Samit, the newly appointed CEO of publicly traded SeaChange International Inc. With a resume that includes Sony, EMI, and Universal, Samit brings a reputation as an entrepreneur and a disruptor to his new role at the video solutions company. Hear what he had to say about the opportunities in video, as well as the outlook for cable, telco, OTT and mobile service providers.
G'day! And welcome to an entirely new feature on Light Reading -- our weekly "CEO-to-CEO" interview.