On Wednesday, May 20th, 2015, the Security team at Blue Jeans Network became aware of the latest vulnerability in the TLS protocol, named "Logjam" or the Weak/EXPORT Diffie-Hellman Man-in-the-Middle vulnerability.
This new vulnerability is similar to another recently announced vulnerability in SSL and TLS. Blue Jeans Network had already disabled all "EXPORT" grade cipher suites and is not vulnerable to Logjam or FREAK because of these efforts. In our production environment, we support a minimum of 2048-bit keys for asymmetric encryption and 128-bit keys for symmetric encryption; this applies to Diffie-Hellman key exchanges as well.
The security team at Blue Jeans Network is striving for continuous improvement and staying ahead of these efforts.
If you have further questions, you may contact Technical Support, your Customer Success Manager, or your account representative.
Security @ Blue Jeans Network
On January 27th, 2015, Blue Jeans Network became aware of a new vulnerability in the Linux glibc library known as “Ghost”, filed under CVE-2015-0235. Virtually all Linux systems that perform DNS lookups may be vulnerable to this exploit, including applications that are written in C, Python, Perl, Ruby, etc.
Blue Jeans Network, Inc. is aware of the recent vulnerability known as the “Bash Bug” or “Shellshock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271).
The Network Operations, Engineering, and Security teams at Blue Jeans Network, Inc. have been working diligently to assess the impact on our infrastructure in the wake of the April 7, 2014 disclosure of CVE-2014-0160, known as the Heartbleed vulnerability in the popular OpenSSL software. Nearly two-thirds (66%) of service providers on the Internet responded to this critical vulnerability in OpenSSL’s handling of heartbeat packets and conducted a comprehensive security review in response.
With the wide adoption of Skype in the consumer market, it is not surprising that more and more company networks are finding Skype to also be a valuable tool for communication. But one hurdle that seems to confound many IT departments is the “is Skype secure?” question. In short, the answer is “yes”. It is, in a few ways. Let me try and explain.
To stay ahead – in business or academia or whatever your industry – it takes real collaboration with partners, customers, vendors and colleagues around the globe. Oftentimes the best way to invent, discuss and work together on a global basis is via video-collaboration. It saves costs and is about as good as it gets when it comes to meeting with colleagues “face-to-face” outside of in-person travel.
But… it’s a scary world out there. There are real security concerns, as evidenced by this New York Times article where Rapid7 exposed Goldman Sachs’s boardroom video conferencing vulnerability.
According to the article and Mr. Tuchen, CEO of Rapid7, “New [video] systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an ‘accept’ button every time someone dials into their videoconference. The effect is that anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the silent swing of a video camera. "Any reasonably computer literate 6-year-old can try this at home”.