On Wednesday, May 20th, 2015, the Security team at Blue Jeans Network became aware of the latest vulnerability in the TLS protocol, named "Logjam" or the Weak/EXPORT Diffie-Hellman Man-in-the-middle vulnerability.

This new vulnerability is similar to another recently announced vulnerability in SSL and TLS. Blue Jeans Network had already disabled all "EXPORT"-grade cipher suites and, because of these efforts, is not vulnerable to Logjam or FREAK. In our production environment, we support a minimum of 2048-bit keys for asymmetric encryption and 128-bit keys for symmetric encryption; this applies to Diffie-Hellman key exchanges as well.

The security team at Blue Jeans Network is striving for continuous improvement and staying ahead of these efforts.

If you want to learn more about the vulnerability, information is available at https://weakdh.org/ including the research paper which discloses it.

If you have further questions, you may contact Technical Support, your Customer Success Manager, or your account representative.

Security @ Blue Jeans Network


On January 27th, 2015, Blue Jeans Network became aware of a new vulnerability in the Linux glibc library known as “Ghost”, filed under CVE-2015-0235. Virtually all Linux systems that perform DNS lookups may be vulnerable to this exploit, including applications that are written in C, Python, Perl, Ruby, etc.


Blue Jeans Network, Inc. is aware of the recent vulnerability known as the “Bash Bug” or “Shellshock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271).


The Network Operations, Engineering, and Security teams at Blue Jeans Network, Inc. have been working diligently to assess the impact on our infrastructure in the wake of the April 7, 2014 disclosure of CVE-2014-0160, known as the Heartbleed vulnerability in the popular OpenSSL software. Nearly two-thirds (66%) of service providers on the Internet responded to this critical vulnerability in OpenSSL’s handling of heartbeat packets and conducted a comprehensive security review in response.


With the wide adoption of Skype in the consumer market, it is not surprising that more and more company networks are finding Skype to also be a valuable tool for communication. But one hurdle that seems to confound many IT departments is the “is Skype secure?” question. In short, the answer is “yes”. It is, in a few ways. Let me try and explain.

First, when a user signs into his or her Skype account, all the information is sent over SSL. SSL encrypts all the information before it leaves the user's computer, and it can only be decrypted by Skype servers. Skype also uses digital certificates to provide further assurance that the user is in the intended conference....


To stay ahead – in business or academia or whatever your industry – it takes real collaboration with partners, customers, vendors and colleagues around the globe. Oftentimes the best way to invent, discuss and work together on a global basis is via video-collaboration. It saves costs and is about as good as it gets when it comes to meeting with colleagues “face-to-face” outside of in-person travel.

But… it’s a scary world out there. There are real security concerns, as evidenced by this New York Times article where Rapid7 exposed Goldman Sachs’s boardroom video conferencing vulnerability.

According to the article and Mr. Tuchen, CEO of Rapid7, “New [video] systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an ‘accept’ button every time someone dials into their videoconference. The effect is that anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the silent swing of a video camera.” “Any reasonably computer literate 6-year-old can try this at home.”
