The Heartbleed Web-security flaw has been found in the hardware connecting homes and businesses to the Internet, underscoring the amount of time and effort that will be needed to defuse the threat.
Cisco Systems Inc. (CSCO) and Juniper Networks Inc. (JNPR) said some of their networking products are susceptible to the encryption bug, which was recently discovered by researchers at Google Inc. (GOOG) and prompted companies and government agencies to seek fixes to block hackers from gaining access to user names, passwords and other sensitive information.
The Heartbleed warnings come at a time of mounting concern about the security of information following consumer-data breaches at Target Corp. and Neiman Marcus Group Ltd. and the spying scandal involving the National Security Agency. While security experts urged consumers to change their Web passwords as soon as possible, it will take longer to fix networking equipment and software as Cisco and Juniper will have to rely on customers applying the patches they push out, according to Jaime Blasco, director of AlienVault Labs, part of AlienVault LLC.
“It’s more painful to update these kinds of devices,” Blasco said. “You have to go one by one.”