Text only | Text with Images

Networking-Forums.com

Professional Discussions => Security => Topic started by: icecream-guy on June 16, 2015, 07:33:43 AM

Title: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: icecream-guy on June 16, 2015, 07:33:43 AM

This one ya gotta keep an eye on, as there is very little info released.
( I assume it will affect the same stuff as the the June 2014, Jan 2015, & Mar 2015 OpenSSL vulnerabilities affected)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

Title: Re: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: Reggle on June 16, 2015, 09:01:23 AM
I was able to patch some Linux servers already. But Cisco always takes such work. No small openSSL hotfix.
Title: Re: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: AnthonyC on June 19, 2015, 03:36:31 PM
Seems like every other month we hear yet another vulnerability on openssl and the project really seems poorly run (https://marc.info/?l=openbsd-misc&m=139698608410938&w=2), especially considering how much of Internet security relies on that piece of software, it is quite scary. 

The libressl (http://www.tedunangst.com/flak/post/origins-of-libressl) fork seems to be the better choice for the future, hopefully vendors will at least give us the choice of using libressl instead of openssl.
Title: Re: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: wintermute000 on June 21, 2015, 07:46:11 AM
It's days like this I am so glad I got out of operations. So sick of constant terrifying busywork of upgrading monolithic vendor black boxes   
Title: Re: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: deanwebb on June 21, 2015, 10:23:29 AM
I read an article from a guy that was skeptic about Meraki's MX firewall and then did a 180 because he realized that it was a security solution that would always be up to date, had a great GUI, and was very easy to use and get data from.

The "always up to date" part is a big assumption, but I would certainly say that it would be more likely to be up to date than about 95% of all other firewalls.
Title: Re: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: LynK on June 22, 2015, 10:30:12 AM
Quote from: deanwebb on June 21, 2015, 10:23:29 AM
I read an article from a guy that was skeptic about Meraki's MX firewall and then did a 180 because he realized that it was a security solution that would always be up to date, had a great GUI, and was very easy to use and get data from.

The "always up to date" part is a big assumption, but I would certainly say that it would be more likely to be up to date than about 95% of all other firewalls.

I too spoke with an engineer who deployed an MX firewall. I asked him why he liked it, and he said 2 things. 1) IT EASYYYYYYY 2) The GUI

I have never used or seen the UI. But he almost had me interested.
Title: Re: ....and while we're at it.......another round of OpenSSL vulnerabilities..
Post by: wintermute000 on June 22, 2015, 10:32:37 PM
It's a good product. Most midmarket customers don't need the features it can't do. It's killing it out there
Text only | Text with Images