Heartbleeding Out: Internet Security Bug Even Worse Than First Believed

Warnings from Cisco and Juniper suggest the encryption bug is much more widespread—and potentially catastrophic—than initially thought as the networking companies check the vulnerability of their browsers.

The Heartbleed Internet security bug is shaping up to be worse than researchers first realized, possibly compromising routers and other networking infrastructure for a variety of companies.

Cisco, one of the world’s top networking equipment manufacturers, confirmed Thursday that it’s investigating dozens of its routers and video teleconferencing devices and software for the Heartbleed vulnerability. Juniper Networks, another top networking company, has also alerted clients that some of its equipment has been compromised by Heartbleed. A message posted to Juniper’s service website Friday said many of its systems would be offline through Saturday while the company performs maintenance.

The Heartbleed vulnerability is a flaw in OpenSSL, a free encryption library used by thousands of websites around the world to protect visitors’ sensitive data, such as usernames and passwords. Heartbleed essentially lets hackers get an undetectable look at the data transmitted between a user and a server after it’s been decrypted.