A few days ago, heartbleed1.jpgmillions of servers around the world were impacted by Heartbleed, a security vulnerability in OpenSSL. This was arguably one of the hottest topics on the Internet. Organizations scrambled to put a fix in place and update builds. At Juniper, several product teams worked round the clock to ensure that customers get updates on highest priority. As of a short while ago, Junos Pulse Connect Secure (VPN) and Policy Secure (UAC) released patches that would fix the vulnerability for its mobility offering.
Here is something to think about – bugs or vulnerabilities are not released overnight. In other words, all this while (since the time the bug was introduced in OpenSSL) our “secure” data has actually been vulnerable. Scary? Well, its true! Unfortunately, it takes an exploit to make such flaws surface and in many cases, it is too late by the time users realize. While the Internet has rapidly profliferated in the last decade, I believe the general set of attack vectors have grown at a slower pace. That only goes to show that the playing field for the vectors are far too many.
For a complete list of affected products and the fixes for them, please visit our Knowledge Center.