POODLE vuln dogs Australian consumer modems

The persistent awfulness of consumer broadband modems is once again in evidence, with the Poodle and Freak bugs present in a huge number of Australian households. The issue has hit Twitter, with some people reporting that ISPs are notifying them of possible malicious traffic – but without useful information on what to do. TPG …

  1. Bubba Von Braun

    Typical mindless action from TPG

    This is so typical of TPG, I am yet to get a response from them of what malicious traffic is being sent by my service with them, so I might avoid a unilateral disconnection.

    I won't hold my breath, and seals my decision to move away from them..

    Sadly iiNet customers can look forward to this sort of mindless responses, no wonder Michael Malone came out against the takeover.

    1. John Tserkezis

      Re: Typical mindless action from TPG

      "Sadly iiNet customers can look forward to this sort of mindless responses, no wonder Michael Malone came out against the takeover."

      I agree, but for different reasons. This is the generic alert you're going to get from ANY ISP.

      We received one from the ISP where I used to work who blocked only the port the garbage was being sent on. Once we knew what was going on, we tracked down the offending user whose machine was compromised (virus scanners are bloody useless), and once we verified he wasn't spewing spam anymore, we got in touch with our ISP and told them to take the block off and see that we weren't leaking anymore. And that was that, all rather painless. We did however, know what we were doing.

      Home users on the other hand - good luck with that. It would make sense that TPG block only the port(s) that were doing the spewing, but to take the brutal approach and block the entire account is too much.

      It's especially amusing they suggest antivirus software, as in our case, the malware went straight through it like that vindaloo you had for lunch last week.

      Like I said, I was going to churn to iiNet, but since TPG is buying them - hell no.

      1. Anonymous Coward

        Re: Typical mindless action from TPG

        So I got one of these related to my WD MyBookLive. Seems that WD haven't bothered to update firmware on their devices to disable SSLv2 & 3. Nor do they ever answer support calls from mere mortals...I ranted at TPG and got the following answer:

        ===

        Yes this is only a notification to our customers about the vulnerability on FREAK and POODLE. We are also working on the notification message so this may change in the future.

        As for the suspension of the account, customers will normally get a phone call if we are really going to end up in suspending a service. When we end up with this choice that means there is really a threat coming from the said network.

        ===

        Admittedly, that first threatening mail from them could have been worded better, but I think ACMA is the culprit here...trying to justify funding for AISI.

        If you check the AISI malware statistics at http://www.acma.gov.au/Industry/Internet/e-Security/Australian-Internet-Security-Initiative/aisi-malware-statistics-1 you will see that there are in fact over 200,000 vulnerable services in Oz...I guess ACMA just couldn't resist doing something about it. :-)

      2. Bubba Von Braun

        Re: Typical mindless action from TPG

        John,

        I don't disagree in being alerted by the ISP, it's the threats of disconnection, that I take issue with.

        And yes the average home user, would be totally confused and panicked by the disconnection threat.

        My response to them after correcting what was at best an eavesdropping vulnerability was to point out either the threat was ill-conceived or lazy use of an existing template.

  2. Scott Earle

    Poddle?

    Mr Chirgwin, you have excelled yourself. Now your first typo is not only in the headline, but is in the first word of the headline, in ALL CAPS!

    I expect that this will be fixed once a human has reviewed it, or the UK wakes up. But anyway - well done.

  3. druck

    Bloody well get it fixed

    +Comment: It's almost impossible to expect home users en masse to learn even the most basic configuration tasks. There's no way Joe Sixpack is going to run a firmware upgrade and navigate a bunch of menus to find out where the remote management check-box is.

    For that reason, it's also unfair to threaten blocking services to users who don't know what's going on.

    It's perfectly fair. If the police pull you over for having a mechanically unsafe vehicle on the public highway, you have to get it fixed or it will be impounded. If you can't fix it yourself, you take it to a garage. It should be the same with devices using the public internet.

    1. Bubba Von Braun

      Re: Bloody well get it fixed

      But this is not mechanically unsound.. using your analogy.

      It's more a matter of being made un-roadworthy because you have standard tires and not the steel belt radials that the cop thinks you should have on your car.

      If the detected threat was one of spewing spam or other vulnerability, that impacted network performance or availability I could agree. But it's not. The risk was exposure of credentials, or other information in the session.. and they didn't scan the router either.. they were looking on 443 for SSL hosts not scanning non-standard ports.

      Educate folks, but don't do it with FUD.

      One looks at the vulnerability and how it applies to one's environment, and makes a risk assessment.. In my case a risk, and scheduled for the next service.. The threat meant it got brought forward. The cost.. TPG has lost a customer.. actually a number of them as their contracts expire, as they are now on the same class as DoDo for their service quality.

      1. Anonymous Coward

        Re: Bloody well get it fixed

        But this is not mechanically unsound.. using your analogy.

        It's more a matter of being made un-roadworthy because you have standard tires and not the steel belt radials that the cop thinks you should have on your car.

        More like not being roadworthy because it has no indicators and so you as the driver have to open the window and give hand signals.

        Or unroadworthy because the car predates having seatbelts.

  4. Spaceman Spiff

    First thing

    The first thing I do when a new router/modem is installed in my system is to disable remote management myself, if the installer won't do it for me. I think that if they are not willing to, I should cancel the installation and send them on their way, demanding my $$ back!

  5. adfh

    One of the big problems is...

    ... even those of us who know how to upgrade firmware and to adjust router config settings, don't always have an option to do so, because often (as is with a lot of "embedded computing" devices) the manufacturers wash their hands of any responsibility after maybe a year or so.
