The Heartbleed Bug


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

http://www.heartbleed.com/

The Heartbleed Bug and Cisco

 

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.

The vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords.
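
The bounds check the advisory says was missing, written out as a small heartbeat handler. This is an added example, not code from OpenSSL or Cisco; the message layout (type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520, and the names `hb_respond` and `demo` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request  (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_HDR      3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Build the echo response for one received heartbeat message.
 * rec/rec_len: the message as it actually arrived in the TLS record.
 * Returns the response length, or -1 if the message must be discarded. */
long hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* sender-controlled */
    size_t need = HB_HDR + claimed + HB_MIN_PAD;

    /* The bounds check: the claimed payload plus header and padding must
     * fit inside the bytes that really arrived. Without it, the memcpy
     * below would copy up to 64 KB of adjacent memory into the reply. */
    if (need > rec_len || need > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD);  /* zeros; real padding is random */
    return (long)need;
}

/* Constructed sample: 23 bytes on the wire (4-byte payload "ping" plus
 * 16 bytes of padding) with the payload_length field set by the caller. */
long demo(uint8_t len_hi, uint8_t len_lo)
{
    uint8_t rec[23] = { HB_REQUEST, len_hi, len_lo, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return hb_respond(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest length 4: %ld\n", demo(0x00, 0x04));
    printf("claimed 0xFFFF:  %ld\n", demo(0xFF, 0xFF));
    return 0;
}
```

A request whose length field matches the record is echoed; one that claims more payload than the record carries is dropped without a reply.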

Please note that the devices that are affected by this vulnerability are the devices acting as an SSL server terminating SSL connections or devices acting as an SSL Client initiating an SSL connection. Devices that are simply traversed by SSL traffic without terminating it are not affected.

This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available. This advisory is available at the following link:

http://www.cisco.com/web/about/security/intelligence/ERP-Heartbleed.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

 

The following Cisco products have been analyzed and are not affected by this vulnerability:

  • Cisco IP Video Phone E20
  • Cisco TelePresence MXP Series
  • Cisco TelePresence Advanced Media Gateway Series
  • Cisco TelePresence IP VCR Series
  • Cisco TelePresence MCU all series

 

The following Cisco products are currently under investigation:

  • Cisco TelePresence Movi with Precision HD USB / Jabber Video
  • Cisco TelePresence Recording Server
  • Tandberg 770/880/990 Series
  • Tandberg Codian ISDN GW 3210/3220/3240
  • Tandberg Codian MSE 8310 model

 

TelePresence Products Vulnerable to Heartbleed
  

Endpoints

 

Infrastructure

  • Cisco Unified Communications Manager (UCM) 10.0 [CSCuo17440]
  • Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
  • Cisco Expressway Series [CSCuo16472]
  • Cisco TelePresence Conductor [CSCuo20306]
  • Cisco TelePresence IP Gateway Series [CSCuo21597]
  • Cisco TelePresence ISDN GW 3241 [CSCuo21486]
  • Cisco TelePresence ISDN GW MSE 8321 [CSCuo21486]
  • Cisco TelePresence ISDN Link [CSCuo26686]
  • Cisco TelePresence Serial Gateway Series [CSCuo21535]
  • Cisco TelePresence Server 8710, 7010 [CSCuo21468]
  • Cisco TelePresence Server on Multiparty Media 310, 320 [CSCuo21468]
  • Cisco TelePresence Server on Virtual Machine [CSCuo21468]
  • Cisco TelePresence Supervisor MSE 8050 [CSCuo21584]

 

Cisco Proximity App for iOS in the App Store – Now!


Cisco Intelligent Proximity is an innovative feature set that lets you engage in richer collaboration experiences through your mobile devices. Once downloaded to your mobile device, the Cisco Proximity app allows automatic pairing of the mobile device (smartphone or tablet) with Cisco room-based video collaboration endpoints when they come within proximity. Content shared on the video endpoints can then be viewed on your mobile device, optimizing the real estate of the video endpoints for people. You will also have the flexibility to save shared content from your mobile device, such as select PowerPoint slides, as well as review previously-shared content without interrupting the presenter. In addition, Cisco Proximity allows basic endpoint control, like searching the directory or typing video addresses (URIs) directly in the app.

Cisco Proximity supports the SX10, SX20, SX80, MX200 G2, MX300 G2, MX700 and MX800 endpoints, running the TC 7.1 software or later.

See more on how to enable the endpoint functionality on http://cisco.com/go/proximity


How to enable Intelligent Proximity

To use Intelligent Proximity, you will need a video endpoint EX/MX/C/PROFILE/SX running TC Software Release 6.3 or newer.

Pairing uses ultrasound; after pairing, the communication is HTTPS over Wi-Fi.

A piece of paper can stop the ultrasound, so when you leave the room you lose the connection to the codec, because the iPad/iPhone can no longer hear the ultrasound. It is not possible to stand in the hallway with the doors closed and see the presentation, because the ultrasound cannot pass through the door.

Warning: This is an experimental feature in TC 6.3 and is only intended for demonstrations. Enabling this feature might impact system performance, stability and security. It is not recommended to leave this enabled on production systems.

There are 3 ways of enabling Intelligent Proximity:

Using the Remote Control

  •     Open the menu and navigate to Settings -> Administrator settings -> Advanced configuration
  •     In the search field type “byod”
  •     Make sure “Experimental Byod Mode” is set to “On”
  •     In the search field again, type “https”
  •     Make sure “NetworkServices HTTPS Mode” is set to “On”
  •     Intelligent Proximity is now enabled

 

Through Web Interface

  •     Open your web browser
  •     Enter the IP address or the hostname of the video endpoint in the address field
  •     Enter username and password
  •     In the menu, select “Configuration” and “System Configuration”
  •     In the search field type “byod”
  •     Under “Experimental Byod”, make sure “Mode” is set to “On”
  •     In the search field again, type “https”
  •     Under “NetworkServices HTTPS”, make sure “Mode” is set to “On”
  •     Click save
  •     Intelligent Proximity is now enabled

 

Through Telnet/SSH Interface

  • xConfiguration Experimental Byod Mode: On
  • xConfiguration NetworkServices HTTPS Mode: On

 

The volume of the ultrasound can also be adjusted:

xConfiguration Experimental AudioPair DemoMode: On (disable automatic volume adjustment)
xConfiguration Experimental AudioPair Volume: 70 (0-100, 70 is default)

Regarding hanging up the call: Cisco is aware of this, and it might be improved so that random meeting participants are prevented from hanging up the call.

But for the time being the app is “use at your own risk”.

 

In TC 7.1 software or later, Cisco only supports Cisco Proximity on SX10, SX20, SX80, MX200 G2, MX300 G2, MX700 and MX800 endpoints.

Important: Remember to enable it before upgrading to TC7.1 on non-supported devices, and it will still work.

 

 

Post update 13 May 2014.

BYOD mode reintroduced as experimental on EX, MX G1 and C series in TC 7.1.2

BYOD Mode as an experimental configuration for EX, MX G1 and C series was removed from the TC7.1 release. This was due to performance limitations on those platforms. As the removal raised concerns that this would limit our abilities to demonstrate the value of this feature, we have decided to reintroduce the experimental BYOD mode configuration for the above products in TC7.1.2.

Notice: This is an unsupported feature that will not see further development and bug fixing on the EX, MX G1 and C series platforms. This means that there will not be any TAC support for the feature itself, and TAC will request customers to turn off BYOD mode for problem resolution on other issues.

Scandinavian Minimalism Combined With Californian Approachability Wins Red Dot Award 2014

Cisco is proud to report that all the new Cisco video collaboration endpoints they unveiled during Enterprise Connect received the coveted Red Dot Award 2014 for product design:


  • MX700 and MX800 Series
  • MX200 and MX300 G2 Series
  • SX80 and SpeakerTrack 60
  • SX10 Quick Set
  • Touch 10
  • And one more product that you’ll meet in May…

Rowan Trollope's video about the Red Dot awards.

 

Cisco DX650 in the Retail Industry

Learn how Cisco’s DX650 can help delight your customers with an easier, more responsive shopping experience! In this video, the Cisco DX650 with Cisco Collaboration enables a customer at a kiosk to engage a remote expert to help with their purchase decision. It’s shopping made simple with satisfied customers who will repeat business with you.