Author Topic: Comodo TrustConnect and Heartbleed.  (Read 4056 times)

Offline Fyord

  • Comodo's Hero
  • *****
  • Posts: 456
Comodo TrustConnect and Heartbleed.
« on: April 12, 2014, 11:29:32 AM »
More recently has been found highly critical vulnerability in OpenSSL. Following the publication of this vulnerability had been released very quickly fix for OpenSSL.Comodo TrustConnect also uses libraries OpenSSL, but he does not think updated. How to notify developers that they have updated as soon as possible TrustConnect?

Offline Fyord

  • Comodo's Hero
  • *****
  • Posts: 456
Re: Comodo TrustConnect and Heartbleed.
« Reply #1 on: April 13, 2014, 03:46:48 AM »
Himself had to rectify the situation.
As is known TrustConnect based on open source project OpenVPN. So download the latest version
openvpn-install-2.3.3-I002-i686.exe or openvpn-install-2.3.3-I002-x86_64.exe (depending on the bit your operating system), where this vulnerability persists.
OpenVPN installer then open the program 7-zip and extract it to a separate  folder files libeay32.dll, liblzo2-2.dll, libpkcs11-helper-1.dll, openssl.exe, ssleay32.dll, openvpn.exe.
Rename ssleay32.dll in libssl32.dll and openvpn.exe in TrustConnect.exe. After that, all the files in this folder is moved to the folder C:\Program Files\COMODO\TrustConnect\bin (for x86_32 system ) with the replacement of the original files.
Again open the OpenVPN distribution program 7-zip and extract the folder $TEMP file
tap-windows.exe (this installer TAP adapter) .
Run as administrator tap-windows.exe file and select the folder
C:\Program Files\COMODO\TrustConnect to install it in the adapter driver. After installation is complete, reboot your system and you can continue working in TrustConnect. Our problem is solved.

[attachment deleted by admin]
« Last Edit: April 21, 2014, 10:58:47 AM by Fyord »

Offline merke

  • Comodo's Hero
  • *****
  • Posts: 330
  • presto bingo
Re: Comodo TrustConnect and Heartbleed.
« Reply #2 on: April 13, 2014, 09:22:59 AM »
As is known TrustConnect based on open source project OpenVPN.
i did not know !

interesting because a lot of vpn work with openvpn so have they updated their tool ?
have i to follow your how-to for my soft (it is not trust connect) ?
is my vpn compromised ?
Is it a real world ?

Offline Fyord

  • Comodo's Hero
  • *****
  • Posts: 456
Re: Comodo TrustConnect and Heartbleed.
« Reply #3 on: April 13, 2014, 10:42:39 AM »
I think that is created using this statement follows VPN fully trusted by the user, as it is used only signed a valid digital signature project OpenVPN dynamic libraries and executables.

Excuse me for my English and possible misunderstandings, since Google Translate is still far from perfect.
« Last Edit: April 13, 2014, 10:49:50 AM by Fyord »

Offline Fyord

  • Comodo's Hero
  • *****
  • Posts: 456
Re: Comodo TrustConnect and Heartbleed.
« Reply #4 on: April 13, 2014, 10:57:28 AM »
interesting because a lot of vpn work with openvpn so have they updated their tool ?
I can't say for other VPN clients.

have i to follow your how-to for my soft (it is not trust connect)?
No.

is my vpn compromised ?
If your VPN client uses an outdated version of OpenSSL, your VPN connection can be compromised

Offline merke

  • Comodo's Hero
  • *****
  • Posts: 330
  • presto bingo
Re: Comodo TrustConnect and Heartbleed.
« Reply #5 on: April 13, 2014, 12:57:24 PM »
Thx Fyord.
i compare the version now (2.3.3-1001).
Is it a real world ?

Offline Fyord

  • Comodo's Hero
  • *****
  • Posts: 456
Re: Comodo TrustConnect and Heartbleed.
« Reply #6 on: April 21, 2014, 10:55:17 AM »
I wonder how long we have to wait for the Comodo deigns to release the latest version TrustConnest, reissue  their certificate. People know that your vpn connection is not secure now by listening and if you are using in their activities secret data, you can compromise them.

Successful private key extraction from OpenVPN using Heartbleed.

:-TD

Offline merke

  • Comodo's Hero
  • *****
  • Posts: 330
  • presto bingo
Re: Comodo TrustConnect and Heartbleed.
« Reply #7 on: April 21, 2014, 11:14:31 AM »
it is _only_trust connect - the other vpn are not concerned with this topic
Is it a real world ?

Offline Fyord

  • Comodo's Hero
  • *****
  • Posts: 456
Re: Comodo TrustConnect and Heartbleed.
« Reply #8 on: April 21, 2014, 11:57:58 AM »
it is _only_trust connect - the other vpn are not concerned with this topic
This applies to all Vpn services based on OpenVPN, so this applies to TrustConnect.

Offline merke

  • Comodo's Hero
  • *****
  • Posts: 330
  • presto bingo
Re: Comodo TrustConnect and Heartbleed.
« Reply #9 on: April 21, 2014, 12:16:08 PM »
i have had a different answer _ - at the beginning of this topic and on other forum - are we speaking about the same thing ?
i am speaking about a new version of vpn so patched-not vulnerable at this break recommended for trustconnect.
 openvpn-install-2.3.3-I002-i686.exe or openvpn-install-2.3.3-I002-x86_64.exe
if you are right ;  i must install the latest version but i do not know if my vpn will work after ... i will open a ticket for this question on the vpn site that i am using ... hoping a clear answer willl come from them also.
Thx Fyord.
Is it a real world ?

Offline merke

  • Comodo's Hero
  • *****
  • Posts: 330
  • presto bingo
Re: Comodo TrustConnect and Heartbleed.
« Reply #10 on: April 21, 2014, 10:43:25 PM »
 !ot!

ok _some confusion with this subject
it applies to all Vpn services based on OpenVPN but mine has yet done the necessary _ so i am not concerned except for tap-windows (if i do not confuse one more again ! :embarassed:).

Thx Fyord _  ;) 
Is it a real world ?


Offline merke

  • Comodo's Hero
  • *****
  • Posts: 330
  • presto bingo
Re: Comodo TrustConnect and Heartbleed.
« Reply #12 on: April 23, 2014, 09:06:27 AM »
heartbleed is a success and another will come ... is it a war against privacy ? or only a technical review ?
Is it a real world ?

Offline lbinner

  • Newbie
  • *
  • Posts: 4
Re: Comodo TrustConnect and Heartbleed.
« Reply #13 on: May 29, 2014, 05:33:19 AM »
Thanks to Fyord for the do-it-yourself OpenVPN/TC update.  However, I have to wonder why Comodo isn't doing this for a product they charge about USD100/year to use (well, admittedly it's the servers we pay for, not the client...). 

TC Client hasn't been updated since Aug. 2011, if the code signing time stamp is to be believed.  That's amazingly lame for a security product

From Comodo's perspective, USD 100 is a pretty good annual fee for a consumer product.  Are TC's customers so few, we're just not worth bothering with?  They still advertise (and sell) "WiFi Trustconnect"  Presumably, that's the same product.

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek