Buffalo Technology NAS products unaffected by ‘Heartbleed’ bug
London, UK (PRWEB UK) 25 April 2014 -- Buffalo Technology, one of the world’s leading manufacturers for Network Attached Storage (NAS), wireless and multimedia systems, announced today that all products running on the latest Buffalo firmware are safe from the ‘Heartbleed’ bug.
The Heartbleed bug in OpenSSL versions 1.0.1 through 1.0.1f (inclusive) can detect passwords and user credentials from various systems and websites. Buffalo has confirmed that its LinkStation and TeraStation NAS products are completely unaffected by the bug. The same applies for the latest Buffalo AirStation routers and all routers running on Buffalo Technology firmware.
However, the manufacturer has urged customers using Buffalo routers that run on DDW-RT firmware to check their settings to ensure they do not become at risk. These devices are the AirStation WZR-HP-G300NH2, WZR-HP-G450H and WZR-HP-AG300H.
Buffalo has advised customers using these routers not to use the device’s standard settings as this may potentially put them at risk. Any customers that have manually activated ‘Open VPN’ can visit this page for updates: http://www.dd-wrt.com/site/content/heartbleed-dd-wrtdd-wrt-online-services.
All three models are End of Life and are no longer available for sale, but Buffalo is working on a patch and advised users not to panic.
Klaas de Vos, COO, Buffalo Europe, said: “Our Japanese software engineers are extremely conservative regarding security aspects. When the new ‘heart beat’ extension was launched for Open SSL they decided not to use it. This turned out to be a good choice.”
Helge Lichner, Sales Engineer at Buffalo Europe, said: “From a technical point of view, it did not make sense to use the extended Open SSL version because our products do not focus on web server services. So instead we kept the tested, stable, and very secure Open SSL versions in our OS for LinkStation, TeraStation and AirStation.”
Peter Steinhäuser, Managing Director at NewMedia-NET GmbH said: “OpenSSL was updated immediately in the DD-WRT SVN repository. Within the next few days we will provide updated versions for all routers including the Buffalo specific versions. Concerned users should check first if their setup is really affected by Heartbleed – by default no service employing OpenSSL is active in DDW-RT.”
ENDS
Notes to Editors
About Heartbleed
Heartbleed is a bug named after the ‘heart beat’ extension in the TLS/SSL protocol. The heart beat extension keeps an SSL connection alive. For servers it makes sense because re-establishing a connection requires more system resources than checking the connections and cut the connection only if the client does not answer any more. The intention was to improve the performance of servers and safe resources. However, this extension has a design flaw, hence the name ‘Heartbleed’. If an Open SSL version is installed that utilises this particular extension the system is potentially vulnerable. The extension was already released in 2012 so it is used by many parties and SSL has been vulnerable until April 2014 for users employing the versions based on the standard.
For more information see here: http://www.infoq.com/news/2014/04/heartbleed-ssl or http://heartbleed.com/.
About Buffalo Technology
Buffalo is a global manufacturer of innovative storage, multimedia, and wireless networking products for the home and small business. The company is recognised as the Number 1 total PC peripheral manufacturer in Japan, and was named the worldwide consumer NAS market leader 6 years in a row.
The company’s storage products are addressing the needs of the individual and the business, providing cost-effective network attached storage (NAS), portable and desktop hard drives, multimedia players, and Wireless LAN routers, which together offer a complete and integrated solution for the small office and digital home environment.
Headquartered in Japan, Buffalo Technology has offices in the UK, France, The Netherlands, USA and Taiwan. For more information please visit http://www.buffalo-technology.com.
Champion Communications, Buffalo Technology, http://www.buffalo-technology.com/en/, +44 7540612508, [email protected]
Share this article