Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit

The infamous Heartbleed bug doesn't affect home routers in practice, according to new analysis by security researchers at TripWire. The infosec vendor nevertheless warned that "critical security flaws" are "endemic" to small office/home office (SOHO) routers. TripWire came to this conclusion after revisiting earlier research …

COMMENTS

This topic is closed for new posts.
  1. Ugotta B. Kiddingme

    one would hope...

    ... that this Heartbleed business would make people more aware of potential security problems, even if THIS one didn't directly affect them.

    Sadly, however, most home users are more concerned with the latest episode of [mindless television drivel] than the security of their home network and devices connected thereto.

    1. Steve Davies 3 Silver badge

      Re: one would hope...

      don't forget telling everyone about it on FaceBlock and Twatter...

    2. Sanctimonious Prick
      Coat

      Re: one would hope...

      @UB.K Agreed. Mostly. My g/f initially dreaded my weekly chats with her about the latest "Snowden" leaks, and has now (almost) stopped using a single password on all devices and websites (it's a slow process, but we'll get there). This change my g/f is making is due (I believe) to the accumulation of all these leaks (Snowden/NSA), backdoors (RSA/NSA), and ridiculous bugs (Heartbleed).

      I imagine there are many more guys n gals out there talking to their loved ones as I have, and, quite possibly, some of those loved ones have also started changing their 'same password/phrase/pin for everything' policy.

      Yeah, the more we hear about these security vulnerabilities, the better. It's waking up a lot of sleepyheads... thus, icon.

  2. brooxta
    Boffin

    Rooting for rooted routers

    Any of these security bods care to comment on the relative merits of stock firmware versus what informed individuals like El Reg Readers might install on their rooted routers? eg DD-WRT, Tomato, OpenWRT, Merlin, etc.

    1. DougS Silver badge

      Re: Rooting for rooted routers

      DD-WRT is not vulnerable in its standard config. Some of the packages like openvpn and asterisk have vulnerability, but those generally aren't used by home users, even those who read the Reg.

  3. Tomato42 Silver badge
    Unhappy

    of course they are not vulnerable

    of course most of the home routers are not vulnerable, they usually ship software that's at least 5 years old!

    Remember Linux 2.6? Most routers still chug along with 2.4.

    critical vulns on SOHO routers are a problem, but Heartbleed is not one of them

  4. John Deeb

    numbers don't mean much

    Or perhaps 2,500 admins or developers worldwide decided to have a test machine online for a while to play with key extraction themselves? And some honeypots too perhaps. Numbers don't mean much.

  5. Floydian Slip
    Paris Hilton

    Just change your passwords

    Well, I'm so scared by all these security concerns that I've changed ALL of my passwords, and I know it's secure because it's not in the Top 10 passwords lists, 0123456789, that should do it - and I'll stick it on a post-it note under my desk just in case.

  6. thosrtanner

    How are home users meant to fix it

    Do you really think upgrading the router firmware is a trivial operation for the non-technical? Even I wouldn't want to do it. If the router dies because the ISP downloaded non-working software to it, that's their problem. If my firmware upgrade went wrong (and TBH I've really got no idea what the 'right' version of software is, and even if I did, the instructions are frankly scary, and omit important stuff like MD5 sum for the software), it's my problem.

    And it's not one I want. Support from ISPs is bad enough with stuff *they* do, anything out of the ordinary and any information they give goes from useless to worse than useless.

    So I'm not surprised that Heartbleed is still there. Nor will I be until the ISPs block malformed packets downstream.
