OpenSSL bug (Heartbleed) on Plusnet routers

agentgonzo · ‎02-07-2012

Does anyone know whether the routers supplied by Plusnet (specifically mine, the tg582) are affected by the recent OpenSSL heartbleed bug?
http://heartbleed.com/
It's a major vulnerability that means any TLS (ie HTTPS) connection can potentially leak any system memory.

LinnPlusnet · ‎03-02-2014

Hi agentgonzo,
We currently don't have any information regarding this and if it effects our routers. We're trying to obtain further information and as soon as we have any we'll provide an update.

LinnPlusnet · ‎03-02-2014

We've just received a response from our suppliers and they've confirmed that our routers are not affected

agentgonzo · ‎02-07-2012

That's good news! I assume that the version of openssl installed on the thomson routers must be an older (and unaffected) version <1.0.1
Many thanks. I'm sure that elite hackers jumping on this have bigger targets than my pokey house in the middle of no-where, but it's good to know.

mattturner · ‎25-06-2009

Yes, they all run OpenSSL version 1.0.0 - not affected.
Matt

ejs · ‎10-06-2010

[tt]OpenSSL 0.9.8l 5 Nov 2009[/tt]
according to the strings in the linux_appl.exe program within the 10.2.5.2 firmware.

Townman · ‎22-08-2007

Somewhat more to the point are the SSL/TLS services on PN's business platforms (e.g. the user portal) affected by this issue?

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.

RickK · ‎03-07-2013

I have already checked portal.plus.net and the bug does not appear even though I cannot find out the OpenSSL version it is not affected by Heartbleed.
If you have any sites of your own you can use the following tool; http://rehmann.co/projects/heartbeat/

CyclesWithBees · ‎10-04-2014

Just for reference, here's another tool I've been using to check sites for heartbleed vulnerability - it's been the best one I've seen so far, though if it finds multiple IP addresses for a given name you need to click through to each one to actually see whether they reckon it's vulnerable.
https://www.ssllabs.com/ssltest/index.html

RickK · ‎03-07-2013

So you are the reason that our checker is constantly reaching capacity!

CyclesWithBees · ‎10-04-2014

Darn, you found me! I'd've... umm... stuff, if it wasn't for you pesky kids

Oldjim · ‎15-06-2007

update here http://www.bbc.co.uk/news/technology-26971363
Looks as though the major banks and Amazon are OK but not Amazon Webservices and Google including Gmail
Checking my Google Account I probably won't bother as there isn't any payment method associated with it and it is a unique password
I don't have Gmail

Gel · ‎02-08-2007

A Chrome extension is available to I'd sites with issues_had advice email mail from Solwise just https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic.

Broadband Connection Troubleshooter

Contact/Chat : CHAT service often suspended though!
BT Wholesale Speed Test:
PN Network Status:
Land Line Connection_Troubleshooter:

wintonian · ‎25-04-2013

Apparently as I don't use Plusnets router they are unable to advise me as to the vulnerability of their website (member centre). It seems that as OpenSSL works on the router that it is my responsibility to check and fix any vulnerability.

So why all this advice to change passwords if you can just buy, update or use an old router?

What does Plusnet suggest I do with my phone - should I buy a new one or not use it to access their website?

ejs · ‎10-06-2010

If the version of OpenSSL in the router had this bug, which apparently it doesn't, that would only affect https connections to the router itself, https://dsldevice.lan, websites on the Internet would be entirely independent of your router being vulnerable or not.