On Wed, 9 Apr 2014, Kennedy, Jim wrote: > The basic test is does it have a web interface that supports SSL and is not > Windows. Then it probably uses OpenSSL. > > From: [email protected] [mailto:[email protected]] > On Behalf Of James Rankin > Sent: Wednesday, April 9, 2014 10:54 AM > To: [email protected] > Subject: Re: [NTSysADM] Heartbleed vulnerability > > What about SOHO routers? Things like Steam? > As someone said in an interview today, they might be cleaning this one up for > ten years.
So far, "luckily" if it's an older version than 1.0.1 then it's not there.. it's a recently introduced "feature" that wasn't thoroughly tested before being implemented. You can also mitigate it with a layer 7 firewall, even iptables will do it.. Yeah, SOHO routers are becoming a larger pivot for the hackers going forware and this doesn't help anything.. :) I'm not sure it's as big as the Code Red Worm, but I saw that stuff in my web server logs for at least 5 years..
