OpenSSL bug (Heartbleed) on Plusnet routers
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: OpenSSL bug (Heartbleed) on Plusnet routers
- « Previous
-
- 1
- 2
- Next »
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 9:01 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: wintonian
So why all this advice to change passwords if you can just buy, update or use an old router?
Because passwords could already have been leaked.
But it does make sense to do things in the right order: fit the new bolt to the stable door before returning the horse!
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 9:18 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
So as a end user, you only have to worry about the websites you as a user use, sadly server admins have gotten of allot worse having to ensure their servers are patched and SSL certificates reissued if applicable.
Just like igoddard said; fit the new bolt to the stable door before returning the horse!
So make sure the websites you use are patched before changing your passwords, and try to use something new.
Because the heartbleed only made 64Kb visible it would require numerous attempts to extract user data and certificate information as it would all be mixed in together.
TLDR:
Check site, if ok? Change to a unique password
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 2:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
But plusnet are telling me that the issuse is nothing to do with website and if there is a problem that it it my responsibility to fix.
They will not tell me if the member centre has been/ is vulnerable as it is nothing to do with that and they don't know what router I have.
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 2:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: wintonian But plusnet are telling me that the issuse is nothing to do with website and if there is a problem that it it my responsibility to fix.
You shouldn't have been advised as such. Sorry.
Quote from: wintonian They will not tell me if the member centre has been/ is vulnerable as it is nothing to do with that and they don't know what router I have.
None of our external web services (including the Member Centre and Webmail) are, or were, vulnerable.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 4:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Given your two answers above, has the correct briefing / answers been sent out to all CS Agents yet? If not, is there a plan to do so? I suggest that the answers received by this user lack an understanding of the issue and the not unreasonable concerns of users.
Is there merit in placing (yet another) sticky at the top of the forum on this issue?
Cheers,
Kevin
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 4:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Townman ... has the correct briefing / answers been sent out to all CS Agents yet?
Yes. I think there may have been some confusion though, caused by an earlier briefing that referred to the router we supply.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: OpenSSL bug (Heartbleed) on Plusnet routers
11-04-2014 4:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The guy I spoke to read through an email he had received about the vulnerability and Thompson routers, then when I mentioned the website and that I was not using a Plusnet router told me he couldn't advise as it was a non Plusnet router, and despite my assertions about it beng server side insisted that all the OpenSSL stuff was done on the router andthus nothing to do with th ISP if I did not have one of their routers.
Needless to say I was left rather confused!
Mind youshort statement from Plusnet stating what you just have above, and pinned up for a couple of months would have made life much easier.
Re: OpenSSL bug (Heartbleed) on Plusnet routers
12-04-2014 12:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Why is there nothing on the plusnet homepage itself or even a straightforward e-mail to all of us?
Also, when I checked a couple of the web-sites promoted by the media as a central reference of which sites are vulnerable to Heartbleed, plusnet is listed as 'potentially vulnerable'.
Re: OpenSSL bug (Heartbleed) on Plusnet routers
12-04-2014 2:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: wintonian Yes I know that, which is why I have not changed the Plusnet one yet.
It's actually impossible to have a secure member centre password since it's the same one that's used for you to authenticate to get online, which means its either stored in plaintext on your router or even if it's encrypted on the router it would have to be then stored using an reversible encryption so the router can use it to login.
I'd like to see the PPP and member center passwords seperated at some point but not sure if that will ever happen
Re: OpenSSL bug (Heartbleed) on Plusnet routers
12-04-2014 3:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
- « Previous
-
- 1
- 2
- Next »
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: OpenSSL bug (Heartbleed) on Plusnet routers