Is there anything to worry about with the latest threat Heartbleed ?????

Contributor

Is there anything to worry about with the latest threat Heartbleed ?????

I have been hearing about the latest threat Heartbleed and they have infiltrated Cisco. Doesn't AT&T use Cisco to provide equiptment for wireless access points? Is there anything to worry about with this threat? I have heard this threat can steal all of our passwords among other threats

Message 1 of 7 (780 Views)
ACE - Expert

Re: Is there anything to worry about with the latest threat Heartbleed ?????

Unless you've modified the RG's firewall to allow it, there should not be public access through your Residential Gateway to any of the AT&T provided Cisco gear.  Thus there should not be any opportunity for a hacker to gain access to any of the Cisco gear in your home.  Assuming that they did gain access, and were able to exploit the deficiency, I can't think of anything they could really learn from the boxes except maybe what channel you're currently watching.

 

The exploit allows the attacker to read the contents of the system memory of the affected system.  What is in the system memory of your Cisco WAP or TV Reciever that you need to keep private?

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 2 of 7 (757 Views)
Highlighted
ACE - Expert

Re: Is there anything to worry about with the latest threat Heartbleed ?????

Also, the TV receivers themselves (Cisco or Motorola) run Windows CE.  Microsoft provides an SSL implementation for Windows CE which is not based on OpenSSL, so the Receivers themselves should have no OpenSSL code in them anyway.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 3 of 7 (755 Views)
Employee

Re: Is there anything to worry about with the latest threat Heartbleed ?????

The "HeartBleed" vulnerability affects primarily Linux-based platforms, and a few BSD-based platforms (Apple computers are BSD, but not an afflicted flavor).

 

As previously mentioned, Windows products are not affected unless running packages like "cygnus," which allows Linux/unix apps to operate on a Windows platform, and then it must also be running specific versions of OpenSSL.

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 

Employee Contributor*
*I am an AT&T employee and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Message 4 of 7 (641 Views)
ACE - Expert

Re: Is there anything to worry about with the latest threat Heartbleed ?????


ScottMac wrote:

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 


While the vulnerability has been around for a while, it was only recently publicly disclosed.  No one knows how many people have known about it for how long and what use they may have been making of it.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 5 of 7 (631 Views)
Contributor

Re: Is there anything to worry about with the latest threat Heartbleed ?????

Thank you I was not sure

Message 6 of 7 (506 Views)
Contributor

Re: Is there anything to worry about with the latest threat Heartbleed ?????

Thanks for the info

Message 7 of 7 (503 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.