Ask a question
Search in U-verse Forums

U-verse Forums

Reply
Posted Apr 12, 2014
5:49:51 PM
View profile
Is there anything to worry about with the latest threat Heartbleed ?????

I have been hearing about the latest threat Heartbleed and they have infiltrated Cisco. Doesn't AT&T use Cisco to provide equiptment for wireless access points? Is there anything to worry about with this threat? I have heard this threat can steal all of our passwords among other threats

I have been hearing about the latest threat Heartbleed and they have infiltrated Cisco. Doesn't AT&T use Cisco to provide equiptment for wireless access points? Is there anything to worry about with this threat? I have heard this threat can steal all of our passwords among other threats

0
(0)
  • Rate this reply
View profile
Solved
Apr 14, 2014 7:52:25 AM
0
(0)
Employee

The "HeartBleed" vulnerability affects primarily Linux-based platforms, and a few BSD-based platforms (Apple computers are BSD, but not an afflicted flavor).

 

As previously mentioned, Windows products are not affected unless running packages like "cygnus," which allows Linux/unix apps to operate on a Windows platform, and then it must also be running specific versions of OpenSSL.

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 

Sent from my phone.
*I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.
Accepted Solution

Is there anything to worry about with the latest threat Heartbleed ?????

666 views
6 replies
(0) Me too
(0) Me too
Reply
View all replies
(6)
Highlighted
0
(0)
  • Rate this reply
View profile
Solved
Apr 12, 2014 8:13:46 PM
0
(0)
ACE - Expert

Unless you've modified the RG's firewall to allow it, there should not be public access through your Residential Gateway to any of the AT&T provided Cisco gear.  Thus there should not be any opportunity for a hacker to gain access to any of the Cisco gear in your home.  Assuming that they did gain access, and were able to exploit the deficiency, I can't think of anything they could really learn from the boxes except maybe what channel you're currently watching.

 

The exploit allows the attacker to read the contents of the system memory of the affected system.  What is in the system memory of your Cisco WAP or TV Reciever that you need to keep private?

 

Unless you've modified the RG's firewall to allow it, there should not be public access through your Residential Gateway to any of the AT&T provided Cisco gear.  Thus there should not be any opportunity for a hacker to gain access to any of the Cisco gear in your home.  Assuming that they did gain access, and were able to exploit the deficiency, I can't think of anything they could really learn from the boxes except maybe what channel you're currently watching.

 

The exploit allows the attacker to read the contents of the system memory of the affected system.  What is in the system memory of your Cisco WAP or TV Reciever that you need to keep private?

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Is there anything to worry about with the latest threat Heartbleed ?????

2 of 7 (643 Views)
Solution
0
(0)
  • Rate this reply
View profile
Solved
Apr 12, 2014 8:16:53 PM
0
(0)
ACE - Expert

Also, the TV receivers themselves (Cisco or Motorola) run Windows CE.  Microsoft provides an SSL implementation for Windows CE which is not based on OpenSSL, so the Receivers themselves should have no OpenSSL code in them anyway.

 

Also, the TV receivers themselves (Cisco or Motorola) run Windows CE.  Microsoft provides an SSL implementation for Windows CE which is not based on OpenSSL, so the Receivers themselves should have no OpenSSL code in them anyway.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Is there anything to worry about with the latest threat Heartbleed ?????

3 of 7 (641 Views)
Solution
0
(0)
  • Rate this reply
View profile
Solved
Apr 14, 2014 7:52:25 AM
0
(0)
Employee

The "HeartBleed" vulnerability affects primarily Linux-based platforms, and a few BSD-based platforms (Apple computers are BSD, but not an afflicted flavor).

 

As previously mentioned, Windows products are not affected unless running packages like "cygnus," which allows Linux/unix apps to operate on a Windows platform, and then it must also be running specific versions of OpenSSL.

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 

The "HeartBleed" vulnerability affects primarily Linux-based platforms, and a few BSD-based platforms (Apple computers are BSD, but not an afflicted flavor).

 

As previously mentioned, Windows products are not affected unless running packages like "cygnus," which allows Linux/unix apps to operate on a Windows platform, and then it must also be running specific versions of OpenSSL.

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 

Sent from my phone.
*I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Is there anything to worry about with the latest threat Heartbleed ?????

4 of 7 (527 Views)
Solution
0
(0)
  • Rate this reply
View profile
Apr 14, 2014 9:29:48 AM
0
(0)
ACE - Expert

ScottMac wrote:

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 


While the vulnerability has been around for a while, it was only recently publicly disclosed.  No one knows how many people have known about it for how long and what use they may have been making of it.

 


ScottMac wrote:

 

HeartBleed has been around for quite a while; it's only recently been picked up by the press and media.

 


While the vulnerability has been around for a while, it was only recently publicly disclosed.  No one knows how many people have known about it for how long and what use they may have been making of it.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Is there anything to worry about with the latest threat Heartbleed ?????

5 of 7 (517 Views)
0
(0)
  • Rate this reply
View profile
Apr 21, 2014 6:14:18 PM
0
(0)
Contributor

Thank you I was not sure

Thank you I was not sure

Re: Is there anything to worry about with the latest threat Heartbleed ?????

6 of 7 (392 Views)
0
(0)
  • Rate this reply
View profile
Apr 21, 2014 6:15:26 PM
0
(0)
Contributor

Thanks for the info

Thanks for the info

Re: Is there anything to worry about with the latest threat Heartbleed ?????

7 of 7 (389 Views)
Share this post
Share this post