Many IT people, ourselves included were greeted this morning with notices from various vendors that have products using the affected OpenSSL libraries. Fortunately, most of these notifications were to state that patches are available for the vulnerability and recommendations to rebuild certificate pools are laid out in detail. We have been using Watchguard firewall appliances for many years and were pleased with the speedy response of their development teams, despite the sudden surprise workload this generated as we patched up our clients with newer (only firmware 11.8 was affected) equipment. Most vendors have been fantastic and responding to what is quite possibly the most widespread vulnerability the internet has ever seen. Other vendors that have publicly announced that they have affected products are:
Cisco Systems – No listing of products has been published yet, but they are conducting an investigation into which products will receive free software updates.
FortiGuard – Some OS updates have already been released with some workarounds publicly available as well.
Juniper Networks – Juniper has posted a list categorizing devices as to whether they are vulnerable, safe or products that have yet to be determined. They are working on updated releases and have given some workaround solutions.
Synology – Companies with Diskstation or Rackstation NAS devices can expect an update at some point in time today.
Some common Open Source solutions have been affected as well with some DD-WRT and OpenWRT firmwares requiring updates. For end users; at this point there have been some recommendations for password resets for affected sites that have patched their servers and rebuilt their certificates. There is a regularly updated list available here at Mashable.