I wouldn't be too worried about the core equipment as far as the Heartbleed vulnerability is concerned, as this issue pertains to equipment that is responsible for making secure connections across networks. ASAs, Firewalls that can act as VPN endpoints, Wireless Access points with tunnelling support, and so on. None the less, providers like Verizon will all have to upgrade affected gear considering the nature of the bug unless they want to put all of their customers at risk.

Externally, Verizon's websites should all be patched as they're hosted through Akamai. auth.verizon.com is not showing as being vulnerable. Internally, that should be all patched but will likely not result in any sort of answer. As for the BHRs on Port 4567? STARTTLS is being a pain to test at the moment with the current tools. Guess your best bet is to look at the source code for them on ActionTec's website to see what's included.

I'd be more worried about the network getting poisoned through BGP attacks 🙂

Smith - You are truly the great guru of this and other forums.  My genuflection, as always.

But it would be ... polite ... for Vz to address this issue, don't you think?

If anyone has the ear of the oblivious Vz giant, it's you.  Please ask them to deign to consider the Heartbleed issue and give us a report.

Thanks!

I'll see if I can ask them.

I'm trying to check out the BHRs right now for FiOS and it seems the CWMP port is not playing right with the tools. Hard to say if that means the protocol is not one that is expected or if it's the BHR not being vulnerable.

Smith - your technical knolwedge is amazing.  Would you also check the similar what-cha-ma-call-its for DSL?

---

@glnz wrote:

Smith - your technical knolwedge is amazing.  Would you also check the similar what-cha-ma-call-its for DSL?

---

I have an ActionTec GT784WNV sitting around here with Firmware v1.1.6 installed I could check. I'll likely find another DSL circuit to connect that gateway to as I have stability issues with it.

So heres the fun one with all this, did everyone know that their Verizon wireless router WI-FI password can be seen from within your account... so if someone gets your login in creds from the heartbleed bug they got your wifi password too... that is if they didn't get your wifi password when your router updated verizon servers if you changed that. 🙂

Some credible sources I have within Verizon have stated that the routers are not affected by Heartbleed for both FiOS and DSL. Additionally, the websites are secure. You guys shouldn't have anything to worry about from Verizon at this point.

---

@Steve01 wrote:

So heres the fun one with all this, did everyone know that their Verizon wireless router WI-FI password can be seen from within your account... so if someone gets your login in creds from the heartbleed bug they got your wifi password too... that is if they didn't get your wifi password when your router updated verizon servers if you changed that. 🙂

---

The wifi password can be seen on the STB's and if you have the My Fios Mobile App it can be seen on that too.

On the STB you can secure the wifi credentials with parental controls password but on the my fios mobile app either sign out of the app or put a password on your phone, I wish I could get rid of that from the app.