Mailing List
Mailing List
Sign Up Here
Like, follow & share: visit DrayTek UK's Facebook page visit DrayTek UK's Twitter page visit DrayTek UK's Linkedin page
DrayTek

Security Advisory: Heartbleed OpenSSL Exploit

Products:
All

 

Security Advisory: Heartbleed / OpenSSL Web Vulnerability

 

In April 2014, news broke of a vulnerability in the OpenSSL standard which has been named 'Heartbleed'. This vulnerability is also known by the identifications CVE-2014-0160 or VU#720951.

OpenSSL  is  used  by  many  Internet  service  providers, services  and also Internet hardware. Heartbleed is considered to be a 'major  vulnerability'  and  for  that reason it is recommended that you assess all of your Internet hardware, services (including hosting providers) and software to see if it might be affected. Major sites such  as  Google,  Facebook and Youtube were considered vulnerable but promptly updated ('patched') their services. 

DrayTek Products

 

We confirm that no DrayTek web sites or hardware products use (or have used) the vulnerable OpenSSL service/protocol; no action is required for any of these.

 

This covers/includes the following web sites: draytek.com, draytek.co.uk, draytel.org, seg.co.uk and includes all sub-domains of those web sites such as forum.draytek.co.uk or myvigor.draytek.com.  This also covers all DrayTek hardware products ('Vigor' series products), including all routers, wireless access points and switches. None of these aforementioned sites and products use the vulnerable protocol/service and are therefore considered 'safe' in this respect. It is not necessary to change your passwords (except as part of normal regular password change schedules or if you have used the same password on a vulnerable site).

 

Advice Regarding other Services / Products (non-DrayTek)

You should check equivalent statements/advisories from the providers of all of your other networking hardware vendors, servers, web service providers and ISPs.

If any service/hardware is affected, it is recommended that you and your users change their passwords once you have patched/updated. For more technical details of Heartbleed, visit heartbleed.com (External site; outside the responsibility of DrayTek).   If you have used the same passwords on more than one service/device (never recommended!) and any of those services or devices were affected then you should change the password on all services, even on those which were not affected by the vulnerability.

 


Disclaimer : Please check this web page again for any new/updated information. You are advised to always keep your product's firmware or software up-to-date and keep in touch with your vendors to be advised of any new vulnerabilities (for example by subscribing to mailing lists). The information is this web page is provided in good faith based on the the information available to us at the current time, following an appropriate assessment but without acceptance of liability in the case of new, developing or existing threats or unlawful activity against your system. Any suggestions given above are provided as general information but should not be considered a thorough or specific assessment of your own individual security risks and you should take formal advice from a security expert to asssess your specific security needs. As with any advisory, the suggested advice forms part of your own security planning and protocols.

 

 




Add a comment to this article

In the below box, you can add comments which you consider might be helpful to other users reading this article:

(As you'd like it to appear on the comment)


NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.