- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is Verizon's FIOS and DSL and global infrastructure vulnerable to Heartbleed? I mean all the Juniper, Cisco and other devices and switches, and all the routers, and everything that connects every Vz FIOS and DSL customer to everything else - and all the billing and other circuits that connect - EVERYTHING used by Verizon. Has anyone received a specific answer from Verizon on this?
Verizon - what's going on? Please don't answer with "We take your security seriously ...." Is ANYTHING in your infrastructure vulnerable to Heartbleed - YES or NO?
If yes, when will you fix ABSOLUTELY EVERYTHING? "Working on it" is not the answer. What's the date?
Then, what should those of us with Vz FIOS or DSL do?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I wouldn't be too worried about the core equipment as far as the Heartbleed vulnerability is concerned, as this issue pertains to equipment that is responsible for making secure connections across networks. ASAs, Firewalls that can act as VPN endpoints, Wireless Access points with tunnelling support, and so on. None the less, providers like Verizon will all have to upgrade affected gear considering the nature of the bug unless they want to put all of their customers at risk.
Externally, Verizon's websites should all be patched as they're hosted through Akamai. auth.verizon.com is not showing as being vulnerable. Internally, that should be all patched but will likely not result in any sort of answer. As for the BHRs on Port 4567? STARTTLS is being a pain to test at the moment with the current tools. Guess your best bet is to look at the source code for them on ActionTec's website to see what's included.
I'd be more worried about the network getting poisoned through BGP attacks 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Smith - You are truly the great guru of this and other forums. My genuflection, as always.
But it would be ... polite ... for Vz to address this issue, don't you think?
If anyone has the ear of the oblivious Vz giant, it's you. Please ask them to deign to consider the Heartbleed issue and give us a report.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'll see if I can ask them.
I'm trying to check out the BHRs right now for FiOS and it seems the CWMP port is not playing right with the tools. Hard to say if that means the protocol is not one that is expected or if it's the BHR not being vulnerable.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Smith - your technical knolwedge is amazing. Would you also check the similar what-cha-ma-call-its for DSL?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@glnz wrote:Smith - your technical knolwedge is amazing. Would you also check the similar what-cha-ma-call-its for DSL?
I have an ActionTec GT784WNV sitting around here with Firmware v1.1.6 installed I could check. I'll likely find another DSL circuit to connect that gateway to as I have stability issues with it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So heres the fun one with all this, did everyone know that their Verizon wireless router WI-FI password can be seen from within your account... so if someone gets your login in creds from the heartbleed bug they got your wifi password too... that is if they didn't get your wifi password when your router updated verizon servers if you changed that. 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some credible sources I have within Verizon have stated that the routers are not affected by Heartbleed for both FiOS and DSL. Additionally, the websites are secure. You guys shouldn't have anything to worry about from Verizon at this point.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Steve01 wrote:So heres the fun one with all this, did everyone know that their Verizon wireless router WI-FI password can be seen from within your account... so if someone gets your login in creds from the heartbleed bug they got your wifi password too... that is if they didn't get your wifi password when your router updated verizon servers if you changed that. 🙂
The wifi password can be seen on the STB's and if you have the My Fios Mobile App it can be seen on that too.
On the STB you can secure the wifi credentials with parental controls password but on the my fios mobile app either sign out of the app or put a password on your phone, I wish I could get rid of that from the app.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content