Reply
Contributor
CCCookie
Posts: 6
Registered: ‎01-23-2014

Re: Heartbleed Bug -- What is Comcast doing about it?

Agree that that 'used to be the information'. Please see the date and time on the vulnerability report that says their site is now safe.

 

April 14th (today) at around 3:39 A.M. patch was installed.

 

FYI

Recognized Contributor
CordeliaAnne
Posts: 377
Registered: ‎04-10-2014

Re: Heartbleed Bug -- What is Comcast doing about it?


Typeaux wrote:

HUGE announcement today rippling across the Internet and various providers, network equipment manufacturers and others regarding the so-called Heartbleed Bug (see http://heartbleed.com/). Are certs being updated?  Even corporate wireless services have been taken down nationwide for many companies.  This is not a trivial vulnerability!!


So now did CCCookie answer the original post?

Contributor
CCCookie
Posts: 6
Registered: ‎01-23-2014

Re: Heartbleed Bug -- What is Comcast doing about it?

CordeliaAnne. I tried to answer the original post. : ) --- To reiterate, apparentlly according to this web site Comcast has fixed, patched their vulnerability. Yet there has been no (0) official response from Comcast Xfinity anywhere that I have found. --- Assuming this to be the case, I went ahead and changed my email password.

 

As far as anyone saying the vulnerabilty of SSL 1.0.1 would not be used, there was an article in Bloomberg yesterday that after it hit the news, there were attack by Chinese Hackers on a bogus web site  that was set up in one of The New England States and arranged in such a manner that they were able to track the attack on The That Bogus Web Site. Huge amounts of hacking attempts come out of either China or Russia for the most part. Please note the date and time below.

 

This is the most recent information:

 

LastPass Heartbleed checker     

 
Site: xfinity.comcast.net
Server software: Apache-Coyote/1.1
Was vulnerable: Possibly (known use OpenSSL, but might be using a safe version)
SSL Certificate: Now Safe (created 2 days ago at Apr 14 03:39:03 2014 GMT)
Assessment: Change your password on this site if your last password change was more than 2 days ago

 

 

Contributor
Posts: 8
Registered: ‎10-01-2003

Re: Heartbleed Bug -- What is Comcast doing about it?

Yes. The original question has been resolved to my satisfaction. -- Typeaux
-- Typeaux
Contributor
1greengirl
Posts: 16
Registered: ‎08-10-2012

Re: Heartbleed Bug -- What is Comcast doing about it?

Thank you CCCookie, Typeaux, CordeliaAnne, and to the security experts, frequent and new contributors for the useful information you shared and for keeping this discussion (mostly) fact-based. I really appreciated the links to resources - many of which were new to me - and the time you took to participate in this discussion in a thoughtful way. Good luck!

New Visitor
svmike
Posts: 2
Registered: ‎04-18-2014

Re: Heartbleed Bug -- What is Comcast doing about it?

I just checked the certificate dates on two Comcast secure URLs, and they both indicate certificates have NOT been updated since the Heartbleed story broke:

 

https://login.comcast.net:  cert issued 3/19/2013

https://customer.comcast.com:  cert issued 7/17/2013

 

I do not know if these servers were or were not vulnerable to Heartbleed.  If they were, then my understanding is they are currently NOT safe from eavesdropping, even if the Heartbleed has since been patched, because the corresponding private keys may have been grabbed by bad guys.  Unfortunately, these are URLS by which one logs in to pay Comcast bill -- meaning one's password and credit card info might be exposed.

 

We really need a definitive statement from Comcast that either (1) these (and other) servers were never vulnerable to Heartbleed, or (2) the vulnerabilty has been patched, new certs have been issued, and users need to change passwords and monitor their credit card accounts.

Security Expert
CajunTek
Posts: 20,976
Registered: ‎10-07-2003

Re: Heartbleed Bug -- What is Comcast doing about it?

They were not, Comcast isn't using OpenSSL for that

TANSTAAFL!!



New Visitor
svmike
Posts: 2
Registered: ‎04-18-2014

Re: Heartbleed Bug -- What is Comcast doing about it?

Thanks, CajunTek.  CCCookie writes above that Lastpass reports OpenSSL is used by xfinity.comcast.net.  You say OpenSSL was never used by login.comcast.net.  Is Lastpass wrong, or is there a difference in SSL toolkits used by xfinity.comcast.net and login.comcast.net?

Bronze Star Contributor
Extech
Posts: 109
Registered: ‎07-06-2003

Re: Heartbleed Bug -- What is Comcast doing about it?

[ Edited ]
Hi CajunTek, where did you get your info.about
not using OpenSSL for that (login)?
This post on the subject of the Hb Bug is getting very confusing, being Comcast is not officially saying what's right what's wrong even when talking to
a engineer or a Tech agent.
Even when you bring up the HB checker, says what it says. This waiting is wearing every one down, and out, called, STRESS!
Gateway Desktop FX510S XPMCE.E6600 4GB BFG 8800GT OC 512MB GPU
Notebook dv6225us AMD Turion 64X2 2GB Go6150 GPU Vista Home Premuim
Regular Contributor
Posts: 61
Registered: ‎10-12-2009

Re: Heartbleed Bug -- What is Comcast doing about it? - Norton Help

I have been a paid Norton subscriber for years and used it since the mid 1980's. I received an E-mail from Norton with a lot of Heartbleed FAQs you could access on their site. There is also a tool that allows you to enter the URL for a website and it will tell you if the site is Heartbleed vulnerable. The Comcast homepage comes up clean and so does Amazon. I don't know if the version of Norton Comcast provides will allow you similar privileges but it's worth a try. Although the tool says the sites are clean now I don't know if they were vulnerable in the past 2 years.

Security Expert
USAF_E-8_RET
Posts: 5,031
Registered: ‎10-28-2003

Re: Heartbleed Bug -- What is Comcast doing about it? - Norton Help

Hi BeowolfJones,

 

Here is a link to a Norton Knowledge Base Article with information on Heartbleed:

 

https://support.norton.com/sp/en/us/home/current/solutions/v98431836_EndUserProfile_en_us

 

You notice at the very beginning it states version 21.x (which Norton Security Suite is), so although not mentioned, the Comcast version (Norton Security Suite - NSS) is included - we (NSS users) receive the same defintions updates at the same time as the retail customers, so NSS was updated on April 10th also.  Bear in mind, this is the Norton side of the operation.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Regular Contributor
Posts: 61
Registered: ‎10-12-2009

Re: Heartbleed Bug -- What is Comcast doing about it? - Norton Help

Hi Fellow Vet

 

USAF intelligence Nam Era. Do you have Norton  3038,104 errors trying to run a scan after live update?  I still get them and have to restart the box before I can scan. It's spotty at best and only happens when you're in a hurry Hah ! Hah! The fixes Norton reccomends still haven't fixed the problem for me. I guess I'll try on line tech  again some morning when I have the time.

Security Expert
USAF_E-8_RET
Posts: 5,031
Registered: ‎10-28-2003

Re: Heartbleed Bug -- What is Comcast doing about it? - Norton Help

[ Edited ]

Thanks you for your service - I had two Souheast Asia Tours 66/67 and 74/75 working F-4's radar homing and warning and also pod jamming systems (Electronic Warfare Systems).  Finally retired after 23 1/3 in Jan 89.

 

I also assist onthe Norton forums under user name of "yank" - please see my post ion the folowing link for a recent 3038, 104 error from Oct of last year - the KB might be a good starting point.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Error-Code-3038-104/m-p/1034671/highl...

 

<EDIT> I just saw your other post re: MBAM, just a heads up, we have found there can be (you notice I did not say always, but can :smileywink: ) a conflict between MBAM Pro and/or MBAM Free with the trial enabled.  The MBAM Pro and Trial run in real time and the basic rule of thumb is not to have two real-time security products running at the same time.

 

You may also be interested in the following in regards to the NPE:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-Power-Eraser-4-3-Beta/m-p/1115...

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Regular Contributor
Posts: 61
Registered: ‎10-12-2009

Re: Heartbleed Bug -- What is Comcast doing about it? - Norton Help

[ Edited ]

1969 - 1973.  USAF Satellite intelligence and Cryptology. What our capabilities are now compared to what they were then must be something to see.  I remember one of the techs saying "Gee look at that, the Chinese just set off a nuclear bomb and our satellite was right overhead, how fortunate for us." I explained there was no fortunate about it. They knew the bird was there and it was just their way of saying "We got one too !".

 

I never bothered with the MBAM trial just purchased MBAM pro. I haven't noticed any conflicts with Norton and it's been 6 months. I'm on win 8.0 pro on my laptop (this) and another more robust box is still on win 7 because of my Video editing sofware requirements. A couple of months ago I went through 2 Bios upgrades to the laptop. Fortunately, both went without a hitch. Scary though, because failure has such bad consequences. Kinda like upgrading Oracle on Unix,. It better work because you can't go back once you start. Never lost the Unix OS once in 7 years. Wish I could say the same for windows.

Regular Contributor
Posts: 61
Registered: ‎10-12-2009

Re: Heartbleed Bug -- What is Comcast doing about it? - More on 3038,104

The 3038,104 error has been occurring almost since I installed Norton and well before MBAM was installed. I run as Administrator so permissions aren't a problem. I have downloaded and run the fix Norton recommends and that hasn't fixed it either. I don't even attach the laptop to any public networks. If I need to do that , I use my kindle for watching a movie while I'm waiting a the local VA clinic.

 

I have made more tech support calls for Norton 360 running under win 8.0 than all the support calls for Norton products  since the 1980's. Norton Internet security on my big box running win 7 has been trouble free.

 

3038,104 always occurs after running live update and then trying to run a quick scan. A restart of the system always solves the scan problem but what a pain ! Also periodically Norton drops huge updates in the 100 - 200 mb range. I have asked tech support about this but so far every tech just parrots the Norton corporate blurb about updates protecting your system. They won't say why they have to be so big. They should be able to rebuild the entire virus definition library or upgrade the Norton version with the size of the updates they drop on you.

 

Do you have software to make the animated Gif's you have in your pictures or did you download them from the web ?

Bronze Star Contributor
Extech
Posts: 109
Registered: ‎07-06-2003

Re: Heartbleed Bug -- What is Comcast doing about it? - Norton Help

[ Edited ]

That's fine a daddy USAF_E-8_Ret (yank) about the link of Safeweb.norton.com/heartbleed you gave us, but not too safe because Comcast did not tell us the login site is safe that the Bug patch as been put in or not, and to change our password or not.like the heartbleed checker. Norton's heartbleed link does not give us Now "SAFE Now, created the date when, change your password". We all like to hear from COMCAST the official word for the go ahead of what to do in lamines term where some of us can understand when to do and what to do. Hearing and reading of he said she said, but not from Comcast.
I'm not the best in typing to put things in to words. Shoot. a lot of my invesment companies emailed me and told me that they have not been breached, put we put the patch in any way to be safe Change my password! I love that! Hey Comcast what are you going to do for us? We are paying you to be safe, Right? Thanks
I guess with a day gone by and no answer from Comcast they don't care? or they don't know? there Dumb founded about the bug?
I guess also if we didn't pay our bill we would hear from them?

Gateway Desktop FX510S XPMCE.E6600 4GB BFG 8800GT OC 512MB GPU
Notebook dv6225us AMD Turion 64X2 2GB Go6150 GPU Vista Home Premuim
Bronze Star Contributor
Extech
Posts: 109
Registered: ‎07-06-2003

Re: Heartbleed Bug -- What is Comcast doing about it?

[ Edited ]

I guess we are OK with HB? Sure quite now. I have not checked on HB for awhile, been to darn busy other things, I have changed password on my other web sites that did the HB patch.

What happpening with Comacast, are we OK? Is this Post Thread closed or has the dust settled on HB?

Yep! I Googled on the HB, and more bugs were found on security threats. Here we go again. Darn it.

Varies web sites are effected, Google, Facebook and so on. True or not?

Gateway Desktop FX510S XPMCE.E6600 4GB BFG 8800GT OC 512MB GPU
Notebook dv6225us AMD Turion 64X2 2GB Go6150 GPU Vista Home Premuim
Security Expert
USAF_E-8_RET
Posts: 5,031
Registered: ‎10-28-2003

Re: Heartbleed Bug -- What is Comcast doing about it?

Hi Extech,

 

Please see the following URL in regards to verifying you are up to date with your Norton Security Suite and what Norton has done to assist with Heartbleed.

 

http://community.norton.com/t5/Product-Update-Announcements/Product-Update-21-3-of-Norton-Internet-S...

 

I can not speak for Comcast, nor the other vulnerbilites you have mentioned.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Bronze Star Contributor
Extech
Posts: 109
Registered: ‎07-06-2003

Re: Heartbleed Bug -- What is Comcast doing about it?

[ Edited ]

Sorry USAF_E_8_RET, I do not use Norton, for personal reasons. so your information is helpful but not to me, just wanted to know on the finding on Google search if it was true of more bugs found in Heartbleed, which true, we are not safe from anything and any where of cyber attacks now days. Thanks

Update, it's the Heatbleed Hand Shake Bug, effects mostly Android, on the Andriod Google Play Store they have a Heart Bleed SSL checker, and others, ran them on my Tablet and Phone, I'm OK it says on both Devices.

Gateway Desktop FX510S XPMCE.E6600 4GB BFG 8800GT OC 512MB GPU
Notebook dv6225us AMD Turion 64X2 2GB Go6150 GPU Vista Home Premuim