Greetings,
Does the recently announced "Heartbleed" openssl vulnerability affect the Billion routers, and if so, will Billion produce updated firmware to mitigate this security concern?
Asking because I use your great Bipac 7800N product
Regards.
The Heartbleed OpenSSL Vulnerability
-
- Posts: 5374
- Joined: Tue Jul 19, 2011 4:30 pm
Re: The Heartbleed OpenSSL Vulnerability
The 7800N does not support SSL (port 443), only websites that use SSL security are effected by heartbleed, and it is advised not to changed your password yet, as some compaines have not patched hole, if you do change your passwords now and the hole is not patched, the hackers will have your new passwords also, its best to check with these compaines eg banks, amazon, microsoft live etc to ensure the hole is patched before changing your passwords etcscarygliders wrote:Greetings,
Does the recently announced "Heartbleed" openssl vulnerability affect the Billion routers, and if so, will Billion produce updated firmware to mitigate this security concern?
Asking because I use your great Bipac 7800N product
Regards.
-
- Posts: 28
- Joined: Mon Sep 05, 2011 8:59 am
Re: The Heartbleed OpenSSL Vulnerability
Routers that rely on certain versions of the open source SSL code (OpenSSL) ARE also vunerable to HeartBleed, it is not just websites.
http://www.theguardian.com/technology/2 ... ity-expert
Are you stating categorically that no Billion router on the market uses OpenSSL?
http://www.theguardian.com/technology/2 ... ity-expert
Are you stating categorically that no Billion router on the market uses OpenSSL?
-
- Site Admin
- Posts: 92
- Joined: Mon Jul 04, 2011 2:53 pm
Re: The Heartbleed OpenSSL Vulnerability
Hi,
Based on our understanding, we are pretty sure that Billion products do not use OpenSSL and hence should not be affected by this vulnerability.
We are currently double checking with HQ to confirm that. Will post another reply once we have confirmation.
Based on our understanding, we are pretty sure that Billion products do not use OpenSSL and hence should not be affected by this vulnerability.
We are currently double checking with HQ to confirm that. Will post another reply once we have confirmation.
-
- Site Admin
- Posts: 92
- Joined: Mon Jul 04, 2011 2:53 pm
Re: The Heartbleed OpenSSL Vulnerability
Hi,
We have found this site that test for the heartbleed vulnerability but obviously not sure if it is 100% accurate.
We will share it anyway.
https://filippo.io/Heartbleed/
We have found this site that test for the heartbleed vulnerability but obviously not sure if it is 100% accurate.
We will share it anyway.
https://filippo.io/Heartbleed/
-
- Posts: 467
- Joined: Tue Jul 26, 2011 10:31 am
- Location: Co Durham
Re: The Heartbleed OpenSSL Vulnerability
You could run Netalyzr which lists the ports allowed of which some may be using SSL, although not sure if they will be classed as OpenSSL if so http://netalyzr.icsi.berkeley.edu/
This program requires Java to be enabled in browsers and which has just been updated http://java.com/en/download/ie_manual.jsp?locale-=en
This program requires Java to be enabled in browsers and which has just been updated http://java.com/en/download/ie_manual.jsp?locale-=en
-
- Posts: 38
- Joined: Wed Mar 14, 2012 11:33 am
Re: The Heartbleed OpenSSL Vulnerability
http://news.yahoo.com/trying-protect-yo ... 22215.html
Be aware that using those tests against sites without their permission is in fact illegal, and could gain you a prison sentence.
Be aware that using those tests against sites without their permission is in fact illegal, and could gain you a prison sentence.
-
- Posts: 38
- Joined: Wed Mar 14, 2012 11:33 am
Re: The Heartbleed OpenSSL Vulnerability
Steve Gibson (GRC.COM) has a HeartBleed Router checking tool.
>> http://download.crowdstrike.com/heartbl ... canner.zip <<
Read the "About " file for instructions.
I ran the LocalHost check and it came back as clear.
>> http://download.crowdstrike.com/heartbl ... canner.zip <<
Read the "About " file for instructions.
I ran the LocalHost check and it came back as clear.
-
- Posts: 5374
- Joined: Tue Jul 19, 2011 4:30 pm
Re: The Heartbleed OpenSSL Vulnerability
We have had a official response from our head office
“Heartbleed OpenSSL vulnerability does not affect any routers in the current Billion portfolio"
“Heartbleed OpenSSL vulnerability does not affect any routers in the current Billion portfolio"