Ask a question
Search in U-verse Forums

U-verse Forums

Reply
Posted Apr 9, 2014
3:46:40 PM
View profile
Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

Is the 3600HGV (software 6.9.1.42-plus.tm) affected by this vulnerability?

Is the 3600HGV (software 6.9.1.42-plus.tm) affected by this vulnerability?

0
(0)
  • Rate this reply
View profile
Solved
Apr 14, 2014 7:55:03 AM
0
(0)
Community Manager

We have found no issues due to the bug, but will continue to monitor.

 

More info here: http://blogs.att.net/consumerblog/story/a7795231


Rethink Possible


Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions: Learn More.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.
*I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.
Accepted Solution

Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

5,421 views
18 replies
(5) Me too
(5) Me too
Reply
View all replies
(18)
0
(0)
  • Rate this reply
View profile
Apr 10, 2014 8:43:10 AM
0
(0)
ACE - Master

It has nothing to do with the router you are using, it's the web sites that you visit that require logins.

” Auto racing, bull fighting, and mountain climbing are the only real sports … all others are games.”- Ernest Hemingway

It has nothing to do with the router you are using, it's the web sites that you visit that require logins.

” Auto racing, bull fighting, and mountain climbing are the only real sports … all others are games.”- Ernest Hemingway
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

2 of 19 (5,274 Views)
0
(0)
  • Rate this reply
View profile
Apr 10, 2014 9:33:43 AM
0
(0)
ACE - Expert

While the biggest problem may be the server sites, most routers (including the RG) have built in web pages and could use SSL; they could have these vulnerabilities which could be exploited if they have an outward facing port that allows an SSL connection.

 

While the biggest problem may be the server sites, most routers (including the RG) have built in web pages and could use SSL; they could have these vulnerabilities which could be exploited if they have an outward facing port that allows an SSL connection.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

3 of 19 (5,241 Views)
0
(0)
  • Rate this reply
View profile
Apr 11, 2014 8:39:01 AM
0
(0)
ACE - Expert

An article with a little bit of information (and more hype):

 

http://mashable.com/2014/04/10/heartbleed-networking-routers/

 

An article with a little bit of information (and more hype):

 

http://mashable.com/2014/04/10/heartbleed-networking-routers/

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

4 of 19 (4,635 Views)
0
(0)
  • Rate this reply
View profile
Apr 11, 2014 3:16:13 PM
0
(0)
Tutor

If anyone knows at ATT, they aren't tellIng.  I actually foolishly called into tech support to ask.  I was first told by the tech that Yahoo had patched everything.  Err no, I'm talking about the physical router I have and the software that came with it.  The tech then responded that ATT had updated my software automatically.  I doubted that very much so I asked how that could be verified and he told me to sign into the router and I'd see the software had been updated in the last couple of days.  I asked what version of the software I should look for.  Which version specifically had been patched for the heartbleed vulnerability.  He had no answer.  And, big surprise, my software is the same version it was about a year ago: 6.9.1.42-plus.tm So, i don't think there is a clear answer at this point.

If anyone knows at ATT, they aren't tellIng.  I actually foolishly called into tech support to ask.  I was first told by the tech that Yahoo had patched everything.  Err no, I'm talking about the physical router I have and the software that came with it.  The tech then responded that ATT had updated my software automatically.  I doubted that very much so I asked how that could be verified and he told me to sign into the router and I'd see the software had been updated in the last couple of days.  I asked what version of the software I should look for.  Which version specifically had been patched for the heartbleed vulnerability.  He had no answer.  And, big surprise, my software is the same version it was about a year ago: 6.9.1.42-plus.tm So, i don't think there is a clear answer at this point.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

5 of 19 (4,293 Views)
0
(0)
  • Rate this reply
View profile
Apr 11, 2014 5:23:09 PM
0
(0)
ACE - Expert

Have you tried to access your router from the outside using SSL?

 

Have you tried to access your router from the outside using SSL?

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

6 of 19 (4,170 Views)
0
(0)
  • Rate this reply
View profile
Apr 11, 2014 8:23:44 PM
0
(0)
Tutor

I am really conserned because my At&t router says that it is running FreeBSD and using OpenSSL in the Acknowledgements page of the user interface.  

 

From the router Acknowledgment page...

"FreeBSD

The compilation of software known as FreeBSD is distributed under the following terms:

Copyright (C) 1992-2007 The FreeBSD Project. All rights reserved..."

 

"openssl

Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved..."

 

Is there any way to see what versions of these libraries/software are running on the device?  I get the sense the At&t chat personnel are clueless.

I am really conserned because my At&t router says that it is running FreeBSD and using OpenSSL in the Acknowledgements page of the user interface.  

 

From the router Acknowledgment page...

"FreeBSD

The compilation of software known as FreeBSD is distributed under the following terms:

Copyright (C) 1992-2007 The FreeBSD Project. All rights reserved..."

 

"openssl

Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved..."

 

Is there any way to see what versions of these libraries/software are running on the device?  I get the sense the At&t chat personnel are clueless.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

7 of 19 (4,069 Views)
0
(0)
  • Rate this reply
View profile
Apr 11, 2014 8:39:50 PM
0
(0)
Tutor

Thanks Jeffer, but, no, I'm really not very knowledgeable about networking.  I can say I'm unable to log in to the router when I'm not on the wifi network. I'm just hoping either ATT or pace eventually make a clear statement about this.

 

 

Thanks Jeffer, but, no, I'm really not very knowledgeable about networking.  I can say I'm unable to log in to the router when I'm not on the wifi network. I'm just hoping either ATT or pace eventually make a clear statement about this.

 

 

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

8 of 19 (4,058 Views)
0
(0)
  • Rate this reply
View profile
Apr 11, 2014 10:05:11 PM
0
(0)
Tutor

I have a Motorola NVG510 Router.  I located the user manual on it from FCC. (you have to dig it up)    It appears to have 2 build ups , one with OpenSSL.   Each router has software  and one would assume it can be patched if it does.  The Motorola Router has a webpage for trouble shooting and user administration.   But we can't get into the "Shell".  It appears that Att sells routers to their customers from different manufacturers.   I spent 47 minutes (which I will never get back)  with their tech support line.  

 

Their engineers are not coming up with any good statements for the tech support people to use.   Some think this is just a website issue.  Some think if they tell us that their ATT servers are either a) never used it or b)  it's been fixed that will answer the question of the router on our self or in the back room of our business!!!    And some of them think it is a virus.   It is an error in code written for Open SSL 2 years ago.  It is not intentially malicious,  it produced an open door from which a hacker can extract  packets of data as often as they wish and the action is untraceable.  It is a valuable tool used in on-line services, sites, hardware, etc. hence the panic. 

 

All we want is a statement from ATT with a list of routers, indicating that they have or do not have Open SSL from that batch coded in the last 2 years.  And if it does, can it be patched.  And help the clueless tech support that answers the phone.   But Mr. Spock,  that would be logical.    

I have a Motorola NVG510 Router.  I located the user manual on it from FCC. (you have to dig it up)    It appears to have 2 build ups , one with OpenSSL.   Each router has software  and one would assume it can be patched if it does.  The Motorola Router has a webpage for trouble shooting and user administration.   But we can't get into the "Shell".  It appears that Att sells routers to their customers from different manufacturers.   I spent 47 minutes (which I will never get back)  with their tech support line.  

 

Their engineers are not coming up with any good statements for the tech support people to use.   Some think this is just a website issue.  Some think if they tell us that their ATT servers are either a) never used it or b)  it's been fixed that will answer the question of the router on our self or in the back room of our business!!!    And some of them think it is a virus.   It is an error in code written for Open SSL 2 years ago.  It is not intentially malicious,  it produced an open door from which a hacker can extract  packets of data as often as they wish and the action is untraceable.  It is a valuable tool used in on-line services, sites, hardware, etc. hence the panic. 

 

All we want is a statement from ATT with a list of routers, indicating that they have or do not have Open SSL from that batch coded in the last 2 years.  And if it does, can it be patched.  And help the clueless tech support that answers the phone.   But Mr. Spock,  that would be logical.    

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

9 of 19 (3,986 Views)
Highlighted
0
(0)
  • Rate this reply
View profile
Apr 12, 2014 7:10:14 AM
0
(0)
ACE - Expert

Just because it employs OpenSSL doesn't mean that it employs the affected versons.

Just because it employs the affected versions, doesn't mean the affected feature was enabled.

Just because the version and feature are enabled, doesn't mean it's exploitable.

 

Yes, it would be nice for AT&T to make a reassuring (or not) statement.  The fact that they haven't could mean:

  1. They haven't figured it out yet
  2. They're bungling customer communication again
  3. They know there's an issue, but they don't want to make an announcement until they've got a corrective measure in place, because they don't want to raise a red flag in front of the hacking community.

I know that the router does at least pass SSL through to the WAP for the wireless receivers; but I don't know whether the tunnel ends at the RG or the WAP.  I do know that you can reach the internal-facing web pages of the RG using SSL. So, yes, you could possibly mine the memory contents of your own RG.  If your own RG is not properly secured wirelessly (i.e. you don't have good security settings), then someone near your home could possibly do the same. 

 

It is probable that AT&T uses SSL to secure the communication stream it uses into the RG using a certificate to keep the SSL port secure.  My understanding is that the current vulnerability can be exploited between the initial connection request and before the client certificate must be presented, so I'm not 100% convinced that the RG is secure.

 

It would be nice to hear from AT&T on this ASAP.

 

Just because it employs OpenSSL doesn't mean that it employs the affected versons.

Just because it employs the affected versions, doesn't mean the affected feature was enabled.

Just because the version and feature are enabled, doesn't mean it's exploitable.

 

Yes, it would be nice for AT&T to make a reassuring (or not) statement.  The fact that they haven't could mean:

  1. They haven't figured it out yet
  2. They're bungling customer communication again
  3. They know there's an issue, but they don't want to make an announcement until they've got a corrective measure in place, because they don't want to raise a red flag in front of the hacking community.

I know that the router does at least pass SSL through to the WAP for the wireless receivers; but I don't know whether the tunnel ends at the RG or the WAP.  I do know that you can reach the internal-facing web pages of the RG using SSL. So, yes, you could possibly mine the memory contents of your own RG.  If your own RG is not properly secured wirelessly (i.e. you don't have good security settings), then someone near your home could possibly do the same. 

 

It is probable that AT&T uses SSL to secure the communication stream it uses into the RG using a certificate to keep the SSL port secure.  My understanding is that the current vulnerability can be exploited between the initial connection request and before the client certificate must be presented, so I'm not 100% convinced that the RG is secure.

 

It would be nice to hear from AT&T on this ASAP.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

10 of 19 (3,752 Views)
0
(0)
  • Rate this reply
View profile
Apr 12, 2014 7:34:19 AM
0
(0)
Tutor

This is my worry.  The router does have the flaw or At&t's management software has the flaw.  At&t must use ssl to secure its connection to the routers and must have connected to them in the past 2 years (updates etc).  Was someone listening or capturing packets?  Do they now have the certificates for a number of or all end routers (I'd bet they use a couple hundred certs and apply them to thousands of devices) or worse yet was at&t's management software compromised; giving open access to all routers? 

 

With access to the router anything can be done.  Its not simply, oh well your router is compromised. Its lets patch these router so that all traffic gets sent to a nefarious server or lets listen in on the VoIP conversations or lets mine all traffic for 16 digit credit card numbers or 9 digit socials or read email or make a botnet or find open file shares and modify files or find ip webcams and see/hear what is going on or you name it!

 

We need an official reponse!

 

 

This is my worry.  The router does have the flaw or At&t's management software has the flaw.  At&t must use ssl to secure its connection to the routers and must have connected to them in the past 2 years (updates etc).  Was someone listening or capturing packets?  Do they now have the certificates for a number of or all end routers (I'd bet they use a couple hundred certs and apply them to thousands of devices) or worse yet was at&t's management software compromised; giving open access to all routers? 

 

With access to the router anything can be done.  Its not simply, oh well your router is compromised. Its lets patch these router so that all traffic gets sent to a nefarious server or lets listen in on the VoIP conversations or lets mine all traffic for 16 digit credit card numbers or 9 digit socials or read email or make a botnet or find open file shares and modify files or find ip webcams and see/hear what is going on or you name it!

 

We need an official reponse!

 

 

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

11 of 19 (3,737 Views)
0
(0)
  • Rate this reply
View profile
Apr 12, 2014 11:01:39 AM
0
(0)
ACE - Expert

XiozTzu wrote:

...

 

"openssl

Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved..."

 

...


If this copyright date is accurate, then you have nothing to worry about.  The affected code wasn't submitted until 2011.


XiozTzu wrote:

...

 

"openssl

Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved..."

 

...


If this copyright date is accurate, then you have nothing to worry about.  The affected code wasn't submitted until 2011.

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

12 of 19 (3,598 Views)
0
(0)
  • Rate this reply
View profile
Apr 12, 2014 4:10:59 PM
0
(0)
Tutor

Maybe but until they tell us the version on these boxes I will not be happy.  A copywrite notice is not a code version number.  

 

It's simple... The box says it is using openSSL so At&t needs to give us a definitive response that confirms it is secure. 

Maybe but until they tell us the version on these boxes I will not be happy.  A copywrite notice is not a code version number.  

 

It's simple... The box says it is using openSSL so At&t needs to give us a definitive response that confirms it is secure. 

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

13 of 19 (3,477 Views)
0
(0)
  • Rate this reply
View profile
Solved
Apr 14, 2014 7:55:03 AM
0
(0)
Community Manager

We have found no issues due to the bug, but will continue to monitor.

 

More info here: http://blogs.att.net/consumerblog/story/a7795231


Rethink Possible


Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions: Learn More.

We have found no issues due to the bug, but will continue to monitor.

 

More info here: http://blogs.att.net/consumerblog/story/a7795231


Rethink Possible


Did a post have a solution that worked for you? Help other people find solutions faster by marking posts that helped you as an "Accepted Solution". Learn about accepted solutions: Learn More.

I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.
*I am an AT&T employee and the postings on this site are my own and don’t necessarily represent AT&T’s position, strategies or opinions.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

14 of 19 (3,013 Views)
Solution
0
(0)
  • Rate this reply
View profile
Apr 14, 2014 9:06:09 AM
0
(0)
Tutor

ATTDmitriyCM wrote:

We have found no issues due to the bug, but will continue to monitor.

 

More info here: http://blogs.att.net/consumerblog/story/a7795231


Well, that's not what I am reading there.

 

"We have done a review of our systems and found no evidence that the Heartbleed vulnerability has been exploited in our infrastructure or service components. We’ll continue to work with our vendors as they complete their own security assessments and provide updates to appropriate software. As always, we recommend customers carefully monitor their accounts and regularly change their passwords."

 

 

No evidence that it has been exploited? I wouldn't expect them to find evidence of exploitation since exploitation leaves no trace, no log, of its use.

 

Word games. Word games that mislead customers. Very irresponsible, in my opinion. Add to that the apparent fact that vendors haven't even completed their review and I'd say that Blog post is useless. Worse than useless, dangerous.

 

I would say that I'm disappointed, but that would imply that I expect a giant corporation like AT&T to actually care about it's customer's welfare. It doesn't, and I know that.

 

 


ATTDmitriyCM wrote:

We have found no issues due to the bug, but will continue to monitor.

 

More info here: http://blogs.att.net/consumerblog/story/a7795231


Well, that's not what I am reading there.

 

"We have done a review of our systems and found no evidence that the Heartbleed vulnerability has been exploited in our infrastructure or service components. We’ll continue to work with our vendors as they complete their own security assessments and provide updates to appropriate software. As always, we recommend customers carefully monitor their accounts and regularly change their passwords."

 

 

No evidence that it has been exploited? I wouldn't expect them to find evidence of exploitation since exploitation leaves no trace, no log, of its use.

 

Word games. Word games that mislead customers. Very irresponsible, in my opinion. Add to that the apparent fact that vendors haven't even completed their review and I'd say that Blog post is useless. Worse than useless, dangerous.

 

I would say that I'm disappointed, but that would imply that I expect a giant corporation like AT&T to actually care about it's customer's welfare. It doesn't, and I know that.

 

 

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

15 of 19 (2,986 Views)
0
(0)
  • Rate this reply
View profile
Apr 14, 2014 9:26:47 AM
0
(0)
ACE - Expert

noagenda wrote:

... I wouldn't expect them to find evidence of exploitation since exploitation leaves no trace, no log, of its use...

 


Actually, that's not strictly true.  A detailed log that shows the length of the response could indicate an issue.  Yes, while you could use the exploit with small enough packets to fly under the radar, it makes it much less effective as a tool to mine information.  In any case, most web sites are not going to keep detailed logs around for the years they would need to, and many servers wouldn't have logs at all.

 

However, large corporations are eat up with lawyers and what you're seeing is probably more than  counsel wanted them to say.


noagenda wrote:

... I wouldn't expect them to find evidence of exploitation since exploitation leaves no trace, no log, of its use...

 


Actually, that's not strictly true.  A detailed log that shows the length of the response could indicate an issue.  Yes, while you could use the exploit with small enough packets to fly under the radar, it makes it much less effective as a tool to mine information.  In any case, most web sites are not going to keep detailed logs around for the years they would need to, and many servers wouldn't have logs at all.

 

However, large corporations are eat up with lawyers and what you're seeing is probably more than  counsel wanted them to say.

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

16 of 19 (2,967 Views)
0
(0)
  • Rate this reply
View profile
Apr 19, 2014 12:41:42 PM
0
(0)
Contributor
Edited by Cyberchipz1 on Apr 19, 2014 at 12:44:25 PM

Kudos! I understand what you're saying, and you appear well informed to the point of presenting all the possibilities. You don't negate the possibility we have an issue with our routers. I'm more concerned with someone accessing my system spoofing Microsoft Certs than I am my home router; that too doesn't exclude router vulnerabilities.

 

I have a Netgear(sic) B90-755025-15 router from AT&T and am concerned that updates to the router OS be done to patch things up; my router also indicates no patches in years and of course Netgear doesn't even acknowledge that router as theirs (for not so obvious reasons). I believe I read and discovered for myself the router is actually another discontinued brand.

 

This vulnerability has been around since 2011; and I've been complaining about the situation that lead up to Heartbleed for even longer than that. This one just seems to be the first one we've found in located in security. So far, I can only really testify that I am experiencing higher than normal internet slow down, which should improve once spring break and Easter vacation is over and the kiddies go back to school.

 

I think this particular vulnerability is being worked on, and probably since 2011. I know I don't release vulnerabilities to the public when I find them, for obvious reasons mentioned in an earlier post.

 

It came as no surprise to me that the first attack on my wife's old Windows XP machine was to Microsoft security essentials. I had to remove MSE to regain control of the machine, and have yet to reload it to see if it will work. Still, I think the only solution to Heartbleed is to remain vigilant, and fix problems as we find them.

 

The best advice I saw for consumers was: When a service you use informs you to change your password... do so... ASAP; and keep your system(s) up to date.

 

Kudos, and thanks again for your informed postings... I do hope that's a white hat I see on your head. ;-) Even the whitest hat appears smudged with a little dirt, when viewed up close.

Kudos! I understand what you're saying, and you appear well informed to the point of presenting all the possibilities. You don't negate the possibility we have an issue with our routers. I'm more concerned with someone accessing my system spoofing Microsoft Certs than I am my home router; that too doesn't exclude router vulnerabilities.

 

I have a Netgear(sic) B90-755025-15 router from AT&T and am concerned that updates to the router OS be done to patch things up; my router also indicates no patches in years and of course Netgear doesn't even acknowledge that router as theirs (for not so obvious reasons). I believe I read and discovered for myself the router is actually another discontinued brand.

 

This vulnerability has been around since 2011; and I've been complaining about the situation that lead up to Heartbleed for even longer than that. This one just seems to be the first one we've found in located in security. So far, I can only really testify that I am experiencing higher than normal internet slow down, which should improve once spring break and Easter vacation is over and the kiddies go back to school.

 

I think this particular vulnerability is being worked on, and probably since 2011. I know I don't release vulnerabilities to the public when I find them, for obvious reasons mentioned in an earlier post.

 

It came as no surprise to me that the first attack on my wife's old Windows XP machine was to Microsoft security essentials. I had to remove MSE to regain control of the machine, and have yet to reload it to see if it will work. Still, I think the only solution to Heartbleed is to remain vigilant, and fix problems as we find them.

 

The best advice I saw for consumers was: When a service you use informs you to change your password... do so... ASAP; and keep your system(s) up to date.

 

Kudos, and thanks again for your informed postings... I do hope that's a white hat I see on your head. ;-) Even the whitest hat appears smudged with a little dirt, when viewed up close.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

[ Edited ]
17 of 19 (2,359 Views)
0
(0)
  • Rate this reply
View profile
Apr 21, 2014 11:56:40 PM
0
(0)
Contributor
Based on the copyright date (2006), you're safe. Heartbleed was introduced in December 2011.
Based on the copyright date (2006), you're safe. Heartbleed was introduced in December 2011.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

18 of 19 (2,154 Views)
0
(0)
  • Rate this reply
View profile
Apr 23, 2014 1:37:03 PM
0
(0)
ACE - Expert

red floyd wrote:
Based on the copyright date (2006), you're safe. Heartbleed was introduced in December 2011.

I believe I said that... 6 posts back:

 

http://forums.att.com/t5/Residential-Gateway/Heartbleed-OpenSSL-vulnerability-and-2WIRE-Pace-3600HGV...

 


red floyd wrote:
Based on the copyright date (2006), you're safe. Heartbleed was introduced in December 2011.

I believe I said that... 6 posts back:

 

http://forums.att.com/t5/Residential-Gateway/Heartbleed-OpenSSL-vulnerability-and-2WIRE-Pace-3600HGV/m-p/3940410

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Heartbleed OpenSSL vulnerability and 2WIRE/Pace 3600HGV?

19 of 19 (2,059 Views)
Advanced
You must be signed in to add attachments
Share this post
Share this post