Quantcast

Wednesday, July 23, 2014         

 Print   Email   Comment | View 1 Comments   Most Popular   Save   Post   Retweet

Security flaw could also affect digital devices, experts say

By Nicole Perlroth & Quentin Hardy

New York Times

POSTED:
LAST UPDATED: 09:14 p.m. HST, Apr 10, 2014


When the Heartbleed bug was disclosed Monday, the attention focused on the fallout for major Internet companies like Yahoo and Amazon. But security experts said the potential for harm could extend much further, to the guts of the Internet and the many devices that connect to it.

By Thursday, some of the companies that make those devices began revealing whether they had been affected.

Cisco Systems, the dominant provider of gear to move traffic through the Internet, said its big routers and servers, as well as its online servers — a big business — were not affected. If they had been, that would have had a significant impact on virtually every major company that connects to the Internet.

Certain products the company produces were affected, it said — some kinds of phones that connect to the Internet, a kind of server that helps people conduct online meetings, and another kind of device used for office communications. Cisco also posted a list of products it had examined for the vulnerability, which it was updating as it continued inspecting its equipment.

A Cisco rival, Juniper Networks, also said its main products were not affected. The only problem it found was in a kind of device for creating private communications on the Internet.

"Besides one product, the exposure for our customers is minimal, if any," said Michael Busselen, vice president of corporate communications at Juniper.

Chuck Malloy, a spokesman for Intel, said his company had been looking through its products for vulnerabilities for several days and so far had found nothing. He said, however, that the search was not yet done.

Qualcomm, a maker of mobile technology, said it was still checking its products.

The Heartbleed flaw was found in the method known as OpenSSL that helps encrypt information on the Internet.

For most people, the web — with sites like Facebook and Google — is the most visible part of the Internet. But hardware like home routers and printers is also connected to the Internet, and OpenSSL is built into some of this hardware.

"That's why this is so nasty," said George Kurtz, chief executive of CrowdStrike, a security firm. "OpenSSL goes far beyond just websites. It's implemented in email protocols and all kinds of embedded devices."

Most of the equipment made by Cisco and Juniper was unaffected because the companies did not use OpenSSL for their encryption.

Security experts say that upgrading and cleaning up those systems, if they are affected, could take years.

"It's one thing to get all of these servers at Yahoo, Google and everyone else fixed, but it's a whole other thing to get these embedded devices fixed up," Kurtz said. "I don't see them getting updated any time soon."






More From The Star-Advertiser

New bug found in popular OpenSSL encryption




 Print   Email   Comment | View 1 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(1)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
manakuke wrote:
On top of that undetectable intrusion may go two years back!
on April 11,2014 | 06:44AM
IN OTHER NEWS
Breaking News