....and while we're at it.......another round of OpenSSL vulnerabilities..

Started by icecream-guy, June 16, 2015, 07:33:43 AM

Previous topic - Next topic

icecream-guy


This one ya gotta keep an eye on, as there is very little info released.
( I assume it will affect the same stuff as the the June 2014, Jan 2015, & Mar 2015 OpenSSL vulnerabilities affected)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

:professorcat:

My Moral Fibers have been cut.

Reggle

I was able to patch some Linux servers already. But Cisco always takes such work. No small openSSL hotfix.

AnthonyC

Seems like every other month we hear yet another vulnerability on openssl and the project really seems poorly run (https://marc.info/?l=openbsd-misc&m=139698608410938&w=2), especially considering how much of Internet security relies on that piece of software, it is quite scary. 

The libressl (http://www.tedunangst.com/flak/post/origins-of-libressl) fork seems to be the better choice for the future, hopefully vendors will at least give us the choice of using libressl instead of openssl.
"It can also be argued that DNA is nothing more than a program designed to preserve itself. Life has become more complex in the overwhelming sea of information. And life, when organized into species, relies upon genes to be its memory system."

wintermute000

It's days like this I am so glad I got out of operations. So sick of constant terrifying busywork of upgrading monolithic vendor black boxes   

deanwebb

I read an article from a guy that was skeptic about Meraki's MX firewall and then did a 180 because he realized that it was a security solution that would always be up to date, had a great GUI, and was very easy to use and get data from.

The "always up to date" part is a big assumption, but I would certainly say that it would be more likely to be up to date than about 95% of all other firewalls.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

LynK

Quote from: deanwebb on June 21, 2015, 10:23:29 AM
I read an article from a guy that was skeptic about Meraki's MX firewall and then did a 180 because he realized that it was a security solution that would always be up to date, had a great GUI, and was very easy to use and get data from.

The "always up to date" part is a big assumption, but I would certainly say that it would be more likely to be up to date than about 95% of all other firewalls.

I too spoke with an engineer who deployed an MX firewall. I asked him why he liked it, and he said 2 things. 1) IT EASYYYYYYY 2) The GUI

I have never used or seen the UI. But he almost had me interested.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

wintermute000

It's a good product. Most midmarket customers don't need the features it can't do. It's killing it out there