Foren

ZUR TESLA-COMMUNITY
REGISTRIERENEinloggen

5.9 Causes Browser Login Fails? Made me change google passwords...

Interesting factoid: my google login failed on the S browser today because it was reported as an unusual login. Google then required a verification process and a new password (huge pain - had to update about 12 other devices).

The interesting fact is that google then gave me a list of the suspect logins. The one from my Model S that was rejected by Google was identified as cingularCarBrowser. Cingular is the old name for AT&T's mobility division. This happened right after doing the 5.9 upgrade, so I suspect the browser update flagged my problem with google. So now any gmail or google-related login in my electronic world has to be updated... 5 iPads, two iPhones, Savant home automation system, two iMacs, multiple browsers, mapping, even my internet-linked exercise bicycle has to be updated with the new login.

Be ready to spend hours on your computer systems after doing the 5.9 install. Or stay away from a google login page in the S.

I'd recommend turning on 2-Step verification on your Google Acct and provide application specific password for your devices, this way you won't go through that again.
I use my google apps gmail on my Model S, the only issue is randomly I have to re-login and provide my normal login as well as a verification code. It's a pain, but it's secure.

Are you positive it was the car and not just coincidence?

There was a very nasty bug in OpenSSL (called Heartbleed) that allowed an attacker to read memory on the server. This memory has been reported to include usernames and passwords and affects a LOT of sites that use SSL (HTTPS...aka the padlock icon in your browser)

It was publicly announced on Tuesday, and the fix just required an update on the servers, and sites like Google, Facebook, banks, etc have been busy patching servers since then.

Users do not have to do anything so a lot of sites are staying quiet, but as it has been present for the last 2 years there is the possibility that usernames/passwords have been logged. (The NSA have reportedly known about it, but chose to use it rather than report /fix it)
Anyway, because of this risk, some sites have forced users to create a new password, and this is what may have caused what you saw.

It also may not have, but it's worth knowing about anyway in case you want to change passwords for other sites

@Whispering, Users do not have to do anything, actually, you DO want to change your passwords on HTTPS sites proactively (after the site has fixed Heartbleed by upgrading openssl, if they use it).

I sent an email to ownership@ asking if they use openssl and am awaiting a reply.

The NSA have reportedly known about it, but chose to use it rather than report /fix it
Sigh. And for two and a half years for crying out loud. :-(

Yeah, well, the NSA has denied that they knew about it, so we really don't know for sure. Which pretty much sums up anything to do with the NSA, we really don't know...

I'm pretty sure it was google seeing a new browser that it thought suspicious, as I was able to see the google record of all logins to my account that had occurred recently, and the flagged one came from my car based on the time of the login. It is that attempted login through my Tesla web browser that has had me spending a day changing every other device around here. I don't want to do the two step login as I find passwords and login processes a huge waste of time. We have no passwords on any of our devices for hardware access, and our wifi systems are open and unsecured. Of course we live and run our businesses from the end of a mile-long driveway and the only way to eavesdrop would be to bring a boat close to shore with a sniffer. Then there's the gunsafe and ammo stock in the garage for real security...

@NKYTA sorry, yes users should certainly change passwords. I was referring to installing patches, etc. Unfortunately some banks in particular have silently patched and have then either said nothing to customers or have responded with the situation here and now (I.e. that their site is unaffected. It saves them face but opens their customers up to possible problems)
I went on to say that users should still change passwords, but I should been clearer.
What I didn't want to do though was fan the flames going around in the media. We had one guy on UK morning TV on Thursday saying everyone should phone in sick and use the day to change all their passwords. If anyone did that BEFORE the site had updated, their password would have been more likely to have been in memory and so visible to anyone using the hack on that day. It must be done after the patch as you say.

There are lists of common affected sites like this one
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
but the best advice is to change them all anyway as some responses may have been given after their PR and legal teams were involved ;-)

@PD - I don't use Google for anything at all.

My password failed multiple times when trying to log on to "My Tesla" and I got a message that I needed to set a new password. That was on Firefox. I normally use IE on a different computer at the same location.

I went back to the computer that I usually use that has IE and found that I didn't have to reset my password and I wasn't locked out of "My Tesla". I didn't have to re-set my password for the Tesla page even though the other computer's message insisted.

Perhaps I am only locked out on that computer and browser until I change my password with Tesla?

I just received this from ownership, FYI:

Thank you for reaching out to Tesla Motors. I have connected with our Vulnerability team (vulnerability@teslamotors.com) and have been informed that www.teslamotors.com was not vulnerable to Heartbleed.

Takeaway? +1 and they have a Vulnerability team - awesome!

I bet that's the Hacker Queen or whatever she went by.

BH - yep, I imagine so.

@BH - She is the "Hacker Princess".
I wonder who the Queen might be.

She's a Zombie, now.


X Deutschland Site Besuchen