back to article Cisco FREAKs out, starts epic OpenSSL bug-splat

Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas. The Borg has been looking over its kit and software since the OpenSSL project disclosed a bunch of vulns in January, and on March 10 detailed the impacts it's …

  1. Binnacle
    Facepalm

    Most unusual. Cisco has posted three or four different "interim" version of ASA firewall 8.4 firmware with successive series of bug fixes--none regression tested. It's a case of "pick your poison". Haven't seen them hustle like this over a vulnerability before. The downgrade attack is a big worry only if one thinks GCHQ, NSA or China is on their tail, in which case the damage was probably done years ago. We'll wait a couple of days and let the dust settle.

    1. Anonymous Coward
      Anonymous Coward

      Unless...

      The alphabet soup agencies and China have been asleep at the switch and completely missed exploiting these vulnerabilities. You know, the way they missed that the Soviet Union was about to fall.

  2. Anonymous Coward
    Anonymous Coward

    They could use LibreSSL

    LibreSSL

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like