On April 7th the Heartbleed (CVE-2014-0160) security vulnerability was made public along with a fix. Heartbleed is a vulnerability in the OpenSSL software that provides security for millions of web servers and services across the internet. Many governing bodies and media outlets called it one of the worst security vulnerabilities, if not the worst, discovered since the beginning of the internet. As a provider of visual collaboration services, many of which are driven by web services, we wanted to provide a round-up of some of the key announcements and fixes provided by our partners:
Cisco’s security team posted an article to their blog (OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products), which lists all of the affected Cisco products and current plans for fixes. Of particular interest to our collaboration customers, WebEx Meetings Service, TelePresence Video Communication Service (VCS) and Expressway are already fixed. Details about the specific updates are also in the post. Also, additional investments are currently under way and the Cisco post will continue to be updated.
Polycom posted its security bulletin (Security Advisory Relating to OpenSSL Vulnerability “Heartbleed” on Various Polycom Products) this week, and it contains a list of affected Polycom products and their versions. Dates of fixes or estimated fixes are also listed. Check back on Polycom’s site for additional updates.
Blue Jeans issued a statement on April 9th that their services are not affected by the vulnerability and that there is no evidence of any data compromise.
On April 10th an interview was posted with Acano Chief Security Officer Steven Johnstone covering Heartbleed and other security-related concerns. In that post Acano announced it had issued a fix the day before and that their solution was secure. Of particular interest are the comments about the open source nature of OpenSSL and its importance to the industry.
Pexip provided a statement on Heartbleed as well as a fix that is included in their new Pexip Infinity V4 software that was released earlier this week.
Crestron revealed that, with the exception of 2 mobile apps, no Crestron services, products or websites have been affected. The notice discloses the details of the mobile apps.
IVCi’s Cloud Services
IVCi’s Cloud Video Experience has been tested and none of its services are affected by the Heartbleed Vulnerability.
If you have any questions about your solutions and their potential vulnerabilities, continue to check the advisories posted by the respective manufacturers.