Contributor
•
3 Messages
Is there anything to worry about with the latest threat Heartbleed ?????
I have been hearing about the latest threat Heartbleed and they have infiltrated Cisco. Doesn't AT&T use Cisco to provide equiptment for wireless access points? Is there anything to worry about with this threat? I have heard this threat can steal all of our passwords among other threats
Accepted Solution
Official Solution
JefferMC
ACE - Expert
•
35K Messages
10 years ago
Unless you've modified the RG's firewall to allow it, there should not be public access through your Residential Gateway to any of the AT&T provided Cisco gear. Thus there should not be any opportunity for a hacker to gain access to any of the Cisco gear in your home. Assuming that they did gain access, and were able to exploit the deficiency, I can't think of anything they could really learn from the boxes except maybe what channel you're currently watching.
The exploit allows the attacker to read the contents of the system memory of the affected system. What is in the system memory of your Cisco WAP or TV Reciever that you need to keep private?
0
Accepted Solution
Official Solution
JefferMC
ACE - Expert
•
35K Messages
10 years ago
Also, the TV receivers themselves (Cisco or Motorola) run Windows CE. Microsoft provides an SSL implementation for Windows CE which is not based on OpenSSL, so the Receivers themselves should have no OpenSSL code in them anyway.
0
Accepted Solution
Official Solution
ScottMac
Former Employee
•
1.1K Messages
10 years ago
The "HeartBleed" vulnerability affects primarily Linux-based platforms, and a few BSD-based platforms (Apple computers are BSD, but not an afflicted flavor).
As previously mentioned, Windows products are not affected unless running packages like "cygnus," which allows Linux/unix apps to operate on a Windows platform, and then it must also be running specific versions of OpenSSL.
HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.
0
JefferMC
ACE - Expert
•
35K Messages
10 years ago
While the vulnerability has been around for a while, it was only recently publicly disclosed. No one knows how many people have known about it for how long and what use they may have been making of it.
0
0
harleymankeith
Contributor
•
3 Messages
10 years ago
Thank you I was not sure
0
0
harleymankeith
Contributor
•
3 Messages
10 years ago
Thanks for the info
0
0