The Heartbleed OpenSSL Vulnerability

scarygliders
Posts: 1
Joined: Thu Apr 10, 2014 10:34 am

The Heartbleed OpenSSL Vulnerability

Post by scarygliders »

Greetings,

Does the recently announced "Heartbleed" openssl vulnerability affect the Billion routers, and if so, will Billion produce updated firmware to mitigate this security concern?

Asking because I use your great Bipac 7800N product ;)

Regards.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: The Heartbleed OpenSSL Vulnerability

Post by billion_fan »

scarygliders wrote: Greetings,

Does the recently announced "Heartbleed" openssl vulnerability affect the Billion routers, and if so, will Billion produce updated firmware to mitigate this security concern?

Asking because I use your great Bipac 7800N product ;)

Regards.
The 7800N does not support SSL (port 443). Only websites that use SSL security are affected by Heartbleed, and it is advised not to change your password yet, as some companies have not patched the hole. If you do change your passwords now and the hole is not patched, the hackers will have your new passwords also. It's best to check with these companies, e.g. banks, Amazon, Microsoft Live etc., to ensure the hole is patched before changing your passwords etc.
NigelS
Posts: 28
Joined: Mon Sep 05, 2011 8:59 am

Re: The Heartbleed OpenSSL Vulnerability

Post by NigelS »

Routers that rely on certain versions of the open source SSL code (OpenSSL) ARE also vulnerable to Heartbleed; it is not just websites.

http://www.theguardian.com/technology/2 ... ity-expert

Are you stating categorically that no Billion router on the market uses OpenSSL?
admin
Site Admin
Posts: 92
Joined: Mon Jul 04, 2011 2:53 pm

Re: The Heartbleed OpenSSL Vulnerability

Post by admin »

Hi,

Based on our understanding, we are pretty sure that Billion products do not use OpenSSL and hence should not be affected by this vulnerability.

We are currently double checking with HQ to confirm that. Will post another reply once we have confirmation.
admin
Site Admin
Posts: 92
Joined: Mon Jul 04, 2011 2:53 pm

Re: The Heartbleed OpenSSL Vulnerability

Post by admin »

Hi,

We have found this site that tests for the Heartbleed vulnerability, but obviously we are not sure if it is 100% accurate.

We will share it anyway.

https://filippo.io/Heartbleed/
Tomken
Posts: 467
Joined: Tue Jul 26, 2011 10:31 am
Location: Co Durham

Re: The Heartbleed OpenSSL Vulnerability

Post by Tomken »

You could run Netalyzr, which lists the ports allowed, of which some may be using SSL, although not sure if they will be classed as OpenSSL if so: http://netalyzr.icsi.berkeley.edu/

This program requires Java to be enabled in browsers, which has just been updated: http://java.com/en/download/ie_manual.jsp?locale-=en
AdrianH
Posts: 38
Joined: Wed Mar 14, 2012 11:33 am

Re: The Heartbleed OpenSSL Vulnerability

Post by AdrianH »

http://news.yahoo.com/trying-protect-yo ... 22215.html

Be aware that using those tests against sites without their permission is in fact illegal, and could gain you a prison sentence.
AdrianH
Posts: 38
Joined: Wed Mar 14, 2012 11:33 am

Re: The Heartbleed OpenSSL Vulnerability

Post by AdrianH »

Steve Gibson (GRC.COM) has a HeartBleed Router checking tool.

>> http://download.crowdstrike.com/heartbl ... canner.zip <<

Read the "About" file for instructions.

I ran the LocalHost check and it came back as clear.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: The Heartbleed OpenSSL Vulnerability

Post by billion_fan »

We have had an official response from our head office:

"Heartbleed OpenSSL vulnerability does not affect any routers in the current Billion portfolio"