Heartbleed - scanner available.

Community Veteran
Posts: 1,769
Thanks: 33
Fixes: 1
Registered: 08-10-2010

Heartbleed - scanner available.

For Android phones, if you are worried about security (who isn't?).

http://m.tech.firstpost.com/news-analysis/heartbleed-bug-on-android-devices-and-apps-heres-how-to-ch...

Not a direct link, but article with link in it.
15 REPLIES
Community Veteran
Posts: 2,211
Thanks: 95
Fixes: 4
Registered: 18-02-2013

Re: Heartbleed - scanner available.

Cheers, 4.1.1 seems to be troublesome.
TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Heartbleed - scanner available.

Android 4.1.1 is apparently the only Android version affected, and apparently they are supposedly going to roll out updates soon; however, the time frame(s) from mobile phone/device vendor(s) are not known.
Community Veteran
Posts: 2,211
Thanks: 95
Fixes: 4
Registered: 18-02-2013

Re: Heartbleed - scanner available.

I'm just waiting for a patch for my DD-WRT router, that's me done then I guess.
Quote
DD-WRT started using the vulnerable code on 2012/04/29. Any DD-WRT build after (and including) 19163 has the flaw, and any build after (and including) 23882 has the fix.
Community Veteran
Posts: 1,769
Thanks: 33
Fixes: 1
Registered: 08-10-2010

Re: Heartbleed - scanner available.

Quote from: TORPC
Android 4.1.1 is apparently the only Android version affected, and apparently they are supposedly going to roll out updates soon; however, the time frame(s) from mobile phone/device vendor(s) are not known.

It's not only Android 4.1.1 affected but all from Android 4.1. Though 4.1.1 is the only one vulnerable by default, all versions have Heartbleed in the OS and it can be switched on by certain apps. So don't be too complacent.
TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Heartbleed - scanner available.

See amended post above to the words now in bold
Quote
apparently
əˈparəntli/
adverb
adverb: apparently
   1.
   as far as one knows or can see.
   "the child nodded, apparently content with the promise"
   synonyms: seemingly, evidently, it seems (that), it would seem (that), it appears (that), it would appear (that), as far as one knows, by all accounts, so it seems;
   ostensibly, outwardly, on the face of it, to all appearances, to all intents and purposes, on the surface, so the story goes, so I'm told;
   allegedly, supposedly, reputedly;
   rare: ostensively
   "apparently he had a mild heart attack"

Quote
affected
əˈfɛktɪd/
adjective
adjective: affected
   1.
   influenced or touched by an external factor.
   "affected areas"
   2.
   pretentious and designed to impress.
   "the gesture appeared both affected and stagy"
   synonyms: pretentious, high-flown, ostentatious, pompous, grandiose, over-elaborate, overblown, overripe, overworked, overdone;
   contrived, forced, laboured, strained, stiff, posed, stagy, studied, mannered, hollow, insincere, unconvincing;
   artificial, unnatural, assumed, pretended, feigned, false, fake, faked, counterfeit, sham, simulated, spurious, pseudo, mock, imitation;
   informal: la-di-da, hoity-toity, highfalutin, fancy-pants, posey, pseud, phoney, pretend, put on;
   informal: poncey, posh, toffee-nosed
   "he was talking in the rather affected boom he used with strangers"
   antonyms: natural, unpretentious, genuine
   3.
   archaic

Quote from: http://www.crossville-chronicle.com/community-news-network/x360400860/Millions-of-Android-phones-tablets-vulnerable-to-Heartbleed-bug
While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the "limited exception" was one version dubbed 4.1.1, which was released in 2012.
Quote
The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information. While a fix was simultaneously made available and quickly implemented by the majority of Internet properties that were vulnerable to the bug, there is no easy solution for Android gadgets that carry the flaw, security experts said. Even though Google has provided a patch, the company said it is up to handset makers and wireless carriers to update the devices.
"One of the major issues with Android is the update cycle is really long," said Michael Shaulov, chief executive officer and co-founder of Lacoon Security, a cyber-security company focused on advanced mobile threats. "The device manufacturers and the carriers need to do something with the patch, and that's usually a really long process."
Christopher Katsaros, a spokesman for Mountain View, Calif.-based Google, confirmed there are millions of Android 4.1.1 devices. He pointed to an earlier statement by the company, in which it said it has "assessed the SSL vulnerability and applied patches to key Google services."
It's unclear whether other mobile devices are vulnerable. Apple Inc. and Microsoft Corp. didn't respond to messages for comment.

B.I.F ====> Before I forget
I was not being Complacent, in any capacity, as I was merely reporting, albeit (in my own words), from the statement(s) of others as provided in the link in this exact post
Quote
complacent
kəmˈpleɪs(ə)nt/
adjective
adjective: complacent
    1.
    showing smug or uncritical satisfaction with oneself or one's achievements.
    "you can't afford to be complacent about security"
    synonyms: smug, self-satisfied, pleased with oneself, proud of oneself, self-approving, self-congratulatory, self-admiring, self-regarding;
    gloating, triumphant, proud;
    pleased, gratified, satisfied, content, contented;
    careless, slack, lax, lazy;
    informal: like the cat that got the cream, I'm-all-right-Jack;
    informal: wisenheimer;
    vulgar slang: shit-eating
    "no one in industry can afford to stand still and be complacent"

TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Heartbleed - scanner available.

If you prefer
Direct from the horse's mouth aka Google in this case so-to-speak (sorry horses)
Quote from: http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html
Android
All versions of Android are immune to CVE-2014-0160 (with the limited exception of Android 4.1.1; patching information for Android 4.1.1 is being distributed to Android partners).
Sorry, however for those that may need it
Quote
immune
ɪˈmjuːn/
adjective
adjective: immune
    1.
    resistant to a particular infection or toxin owing to the presence of specific antibodies or sensitized white blood cells.
    "they were naturally immune to hepatitis B"
        Biology
        relating to immune resistance.
    2.
    protected or exempt, especially from an obligation or the effects of something.
    "they are immune from legal action"
    synonyms: resistant, not subject, not liable, unsusceptible, not vulnerable, not open, not exposed;
    protected from, safe from, secure against, not in danger of, exempt from, clear of, free from, unaffected by, proof against;
    freed from, absolved from, released from, excused from, relieved of, spared from, excepted from, exempted from;
    informal: let off
    "they are immune to hepatitis B"
Community Veteran
Posts: 18,543
Thanks: 190
Registered: 12-08-2007

Re: Heartbleed - scanner available.

Why do you continually quote dictionary definitions Undecided  I'm sure most people don't need them.
TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Heartbleed - scanner available.

As you may / may not be aware
The odd one or two individual(s) like to misconstrue the content / context that members post (on a regular(ish) basis)
Which in turn causes the odd one or two individuals to make false claim(s) & false perceptions of the member(s) post(s) that they had clearly misconstrued
Therefore, for their benefit, I post the meaning(s) where applicable
I hope that clears any misunderstanding(s)
Community Veteran
Posts: 18,543
Thanks: 190
Registered: 12-08-2007

Re: Heartbleed - scanner available.

Pot, kettle, black comes to mind Roll eyes Roll eyes
Community Veteran
Posts: 1,769
Thanks: 33
Fixes: 1
Registered: 08-10-2010

Re: Heartbleed - scanner available.

I like the 'smug' definition of complacent.  Now check 'gullible'.
I stand by my post, here is an excerpt from the article for those who cannot (or do not) want to read the whole article.
"...Google has said that nearly all versions of AOSP from 4.1 and up contain vulnerable versions of OpenSSL, but all except one had heartbeats turned off, so no one could attack these systems. Only Android 4.1.1 had the heartbeat feature turned on, so those devices are vulnerable. Moreover, some OEMs may have switched heartbeat feature back on in their phone’s software, which leaves them vulnerable too..."
So yes, it may by default be switched off, but it can be switched on by apps etc which leaves the whole phone vulnerable.
These guys have no financial interest, they are not selling anything. However large corporations do have a history of playing down their shortcomings or admitting liability.
We are all adults here, so draw your own conclusions.
Moderator
Moderator
Posts: 16,512
Thanks: 1,774
Fixes: 121
Registered: 06-04-2007

Re: Heartbleed - scanner available.

Quote from: artmo
Why do you continually quote dictionary definitions Undecided  I'm sure most people don't need them.

I agree - I actually found it a little insulting following one of my posts  Sad

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Heartbleed - scanner available.

@Doris
Where does it say that
Quote from: doris
<snip>
"...Google has said that nearly all versions of AOSP from 4.1 and up contain vulnerable versions of OpenSSL, but all except one had heartbeats turned off, so no one could attack these systems. Only Android 4.1.1 had the heartbeat feature turned on, so those devices are vulnerable. Moreover, some OEMs may have switched heartbeat feature back on in their phone’s software, which leaves them vulnerable too..."
So yes, it may by default be switched off, but it can be switched on by apps etc which leaves the whole phone vulnerable.
These guys have no financial interest, they are not selling anything. However large corporations do have a history of playing down their shortcomings or admitting liability.
We are all adults here, so draw your own conclusions.

where is your source or at least a link to it
@Mav
My apologies if I came over insulting (was not intended)
The intention is to merely bring the facts
Moderator
Moderator
Posts: 16,512
Thanks: 1,774
Fixes: 121
Registered: 06-04-2007

Re: Heartbleed - scanner available.

@TORPC  I didn't think you meant to be insulting it's just how I felt at the time.


Community Veteran
Posts: 2,211
Thanks: 95
Fixes: 4
Registered: 18-02-2013

Re: Heartbleed - scanner available.