Light Reading
Companies issued warnings about possible vulnerabilities in some of their equipment, and continue to update the lists of products that may be affected.

Cisco, Juniper Treating Gear Against Potential Heartbleed

Dan O'Shea
4/11/2014
50%
50%

Cisco Systems and Juniper Networks are among the latest technology companies working to address potential problems related to the Heartbleed OpenSSL bug.

Both companies issued warnings about possible vulnerabilities in some of their equipment, and continue to update the lists of products that may be affected, or have received patch fixes, or have been confirmed as unaffected.

Among Cisco Systems Inc. (Nasdaq: CSCO) gear listed as "vulnerable" to the bug are Cisco's MS200X Ethernet Access Switch and its Mobility Service Engine. Meanwhile, the Cisco 7000 Nexus Series switches and UCS fabric components are among those products that have been confirmed as not vulnerable.

Juniper Networks Inc. (NYSE: JNPR)'s advisory includes its Juno OS version 13.3R1, though earlier versions of the OS are listed as not vulnerable.

Since news about the Heartbleed bug broke earlier this week, numerous companies reportedly are reviewing their products and services to size up the possible risk, so there may be more advisories to come from other telecom firms.

In addition to the actions by Cisco and Juniper, Telenor issued an advisory to customers in Norway to change passwords for their Telenor services, even though it has classified the Heartbleed threat as "low." (See Eurobites: Telenor Counters Heartbleed Threat.)

And it wouldn't be a networking issue if there wasn't some sort of virtualization angle. Check out this InformationWeek article that suggests SDN might have a solution to the kind of problems Heartbleed is posing.

— Dan O'Shea, Managing Editor, Light Reading

(15)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/15/2014 | 4:48:34 PM
Re: Open source
People in accounting and middle management live in spreadsheets, however. 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:29:40 PM
Re: Open source
I still think we're not understanding each other.

The way that software that is open source is made "quality" is by a kind of tailoring.

So, think of an open source tree, not as a house, but as lumber -- or rather prefab panels.

At no point would you simply bring home material from a lumberyard, through it together and insist that you've just built a home.

So, where we disagree is on the locus and extent of expertise.

In the traditional software house, all the higher level functions such as coding and QA are internal.    In the open source model it is expected, and in some sense because of the zero cost of the software, that you will have one or more expert craftsman in your own organization to nail together the final product.   And those craftsmen are not just Lego brick assemblers, but real honest to goodness computer programmers!

 
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 6:23:27 PM
Re: Open source
True, but that cuts both ways.

Developers don't use spreadsheets ... because most people don't use spreadsheets!

What you say?   Well, for the most part, most simply do not use spreadsheets.  The majority of computing is now done using web forms...many of which, with dynamic java, have replaced the movable functions of spreadsheets.

But it gets worse.

Of those who "use" spreadsheets, even fewer create spreadsheets...most using a travel expense spreadsheet.

Of those who create a spreasheet, most never use more than one worksheet.

Of those who use more than one worksheet in a workbook, most never build macros.

And so on...
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 5:02:23 PM
Re: Open source
Reminds me of another problem with open source: Developers are attracted to projects they themselves use. So the web browsers and IDEs are very sophsiticated, but spreadsheets are rudimentary. Because developers don't use spreasheets. That was true at one time -- I don't know if the state of open source spreadsheets has advanced. 

Good question regarding the heartbeat. Why do you need a heartbeat? If the server is down or off the network, it just doesn't respond. 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
4/14/2014 | 4:59:45 PM
Re: Open source
danielcawrey - As I understand it, Certain Government Agencies are issuing unambiguous denials. But their credibility is suspect. 
brookseven
50%
50%
brookseven,
User Rank: Light Sabre
4/14/2014 | 1:19:53 PM
Re: Open source
 

I think that the truth lies somewhere in the middle here.

First off, most of the major OS projects do not willy nilly accept all submissions.  That does not mean that bad quality code never gets added, but I think putting out the notion that a guy off the street can automatically get his code in an Apache Web Server needs to get cut off right here.

Secondly, the lack of central control means that there has been challenges with the tidiness of many open source projects.  Having many brains both good and bad adding code can create all kinds of cruft.

Third, it is up to the user of an OS project to perform their QA on new OS releases.  One has to be very careful in picking up a new version from any OS stream.  We always treat the inclusion of a new OS version as equivalent to a maintenance release.

I suspect that nobody did had a regression suite for that testcase.  I know given the breadth of deployment of this code that seems unlikely.  But given the number of folks who don't retest OS once they have integrated it, I think that seems likely.

 

seven

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 12:37:43 PM
Re: Open source
I agree, but my point was elsewhere.

On one hand, the open-source community is a bustling space of experts keen to share their ideas and expertise; on the other, anyone can contribute, according to his/her (limited) skills. In my workplace I see the the full spectrum of coders/programmers, and I also see the difference: the creative ones are neither good at defensive coding, nor they have the discipline to critically evaluate their own design.

The "creative programmers" and the "good coders" generally do not overlap. Without proper control (yes, literally: control) over what is accepted in the main trunk (or an open-source project), even those considered best will participate their share of flaws and bugs.

As a wiser person said: The difference between a beginner and an expert programmer is not that the expert does not make bugs; the difference is that the expert generates bugs which are much more sophisticated and much harder to debug.

I am not advocating for the "corporate-style" control over open-source projects. But I firmly believe that following formal procedures and best practices is a must. Which is not really the case in the open-source community.

T.

PS. Regarding democracy... another quote (by W. C.): The best argument against democracy is a five-minute talk to an average voter.
jabailo
50%
50%
jabailo,
User Rank: Light Sabre
4/14/2014 | 12:16:35 PM
Re: Open source
I don't think that's quite it.

Open source -- like democracy -- requires an intelligent and aware set of users at all levels.  You can't expect to bite off a big block of code and have it be exactly what you want.  So the "corporate review" would be done (and should have been done) by a savvy IT department.

It's expected that there will be expertise at both ends of the supply chain.  That means companies that employ people with the proper skill set.   This differs from the Lego-model of programming where large software manufacturers sell pre-packaged assemblies that are guaranteed to certain degree of reliability.

Although, truth be told, if you dig deep enough, there are no real guarantees.  Any time you put all your eggs in one basket -- whether it be a runtime, or library -- you risk the danger of overleverage.

 
t.bogataj
50%
50%
t.bogataj,
User Rank: Light Sabre
4/14/2014 | 3:28:49 AM
Re: Open source
The difference between open-source effort and a formal corporate process is that in the former, the programmers do not have to bother with design reviews, coding rules, best practices; there are no bosses to scrutinize your work, and no annoying people from V&V filing bug reports. It's nice and cozy to code in a friendly community.

And Heartbleed bug is the result.

T.
DOShea
50%
50%
DOShea,
User Rank: Blogger
4/13/2014 | 3:48:26 PM
AT&T
After this story was published, AT&T posted this note about its own Heartbleed evaluation on its consumer blog: http://blogs.att.net/consumerblog/story/a7795231
Page 1 / 2   >   >>
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Documentaries
Optical Is Hot in 2015

1|23|15   |   01:56   |   (2) comments


Optical comms technology underpins the whole communications sector and there are some really hot trends set for 2015.
LRTV Custom TV
Policy Control in the Fast Lane

1|22|15   |   2:57   |   (0) comments


What's making policy control strategic in 2015 and beyond? Amdocs talks with Graham Finnie from Heavy Reading about some of the key factors driving change in the data services landscape. Find out what his policy management research reveals about the road ahead for policy control.
LRTV Documentaries
Highlights From the 2020 Vision Executive Summit

1|21|15   |   4:33   |   (2) comments


In December 2014, Light Reading brought together telecom executives in Reykjavik, Iceland to discuss their vision for high-capacity networks through the end of the decade. The intimate, interactive meeting was set against the backdrop of Iceland's spectacular natural beauty. As one of the event's founding sponsors, Cisco's Doug Webster shared his company's ...
LRTV Huawei Video Resource Center
Huawei Pay-TV Partner Harmonic, Helping Carriers Accelerate 4K Video Deployment with Huawei

1|20|15   |   5:42   |   (1) comment


At IBC, Peter Alexander, Senior Vice President & CMO at Harmonic, speaks about the growing interest in pay-TV service and its branching into multiple devices.
LRTV Huawei Video Resource Center
Sony Marketing Director Olivier Bovis Discusses the Outlook for 4K and Cooperation With Huawei at IBC 2014

1|20|15   |   6:50   |   (0) comments


At IBC, Olivier Bovis, Marketing Director of Sony, speaks about the coming of the 4K era.
LRTV Huawei Video Resource Center
Huawei Pay-TV Partner Envivio, Helping Carriers Accelerate 4K Video Deployment

1|20|15   |   2:57   |   (0) comments


At IBC, Olivier Bovis, Marketing Director of Sony, speaks about the coming of the 4K era.
LRTV Huawei Video Resource Center
Pay-TV's Networked Future

1|20|15   |   6:29   |   (0) comments


At IBC, Jeff Heynen, Principal Analyst at Infonetics, speaks about the future of the pay-TV industry and its transition.
LRTV Huawei Video Resource Center
Jeff Heynen: Distributed Access Will Help MSOs Compete in the Future

1|20|15   |   2:26   |   (0) comments


At IBC, Jeff Heynen, Principal Analyst at Infonetics, speaks about moving to distributed access and the future trend of cable business.
LRTV Interviews
Cisco Talks Transformation

1|20|15   |   13:02   |   (0) comments


In December 2014, Steve Saunders sat down with Cisco VP of Products & Solutions Marketing Doug Webster at Light Reading's 2020 Vision executive summit in Reykjavik, Iceland. They spoke about Cisco's approach to network virtualization as well as how service providers can begin to monetize high-capacity networks through the end of the decade.
LRTV Interviews
Bob Wilson, Arsenal Legend: The Light Reading Interview

1|16|15   |   35:36   |   (3) comments


Arsenal goalkeeping legend Bob Wilson was Light Reading's guest interviewee at the 2020 Vision Executive Summit in December. See what the former soccer star and sports broadcaster had to say when he took to the stage in Iceland.
LRTV Custom TV
What MEF Third Network Initiative Means for SDN & NFV

1|14|15   |   6:13   |   (0) comments


Vitesse Semiconductor CTO Martin Nuss discusses the importance of the MEF Third Network initiative and why it's good news for SDN/NFV industry initiatives.
LRTV Huawei Video Resource Center
Frank Miller: Distributed Solutions are the Best Build for the Future - Part II

1|9|15   |   2:46   |   (0) comments


At SCTE, Frank Miller, Global CTO of MSO at Huawei, speaks about Cable 2.0 and its innovative future.
Upcoming Live Events
February 5, 2015, Washington, DC
February 19, 2015, The Fairmont San Jose, San Jose, CA
March 17, 2015, The Cable Center, Denver, CO
April 14, 2015, The Westin Times Square, New York City, NY
May 12, 2015, Grand Hyatt, Denver, CO
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
September 9-10, 2015, The Westin Galleria Dallas, Dallas, TX
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
November 11-12, 2015, The Westin Peachtree Plaza, Atlanta, GA
December 1, 2015, The Westin Times Square, New York City
December 2-3, 2015, The Westin Times Square, New York City
Infographics
Hot Topics
Cuomo Unveils Broadband Aid Program
Alan Breznick, Cable/Video Practice Leader, 1/19/2015
BlackBerry Wants Net Neutrality Protection -- That's Just Sad
Mitch Wagner, West Coast Bureau Chief, Light Reading, 1/22/2015
FiOS Picks Up Pace Again
Alan Breznick, Cable/Video Practice Leader, 1/22/2015
Verizon Ready for Google MVNO Challenge
Dan Jones, Mobile Editor, 1/22/2015
Indiana Carrier Takes Fiber to the Farm
Jason Meyers, Senior Editor, Gigabit Cities/IoT, 1/22/2015
Like Us on Facebook
Twitter Feed
Webinar Archive