Domain: dcwg.org
Stories and comments across the archive that link to dcwg.org.
Comments · 5
-
The home router market is a an ongoing disasterIt's not just simple backdoors like the dlink one that are a problem.
There is a systemic complete and total regard for basic tenets of security in nearly the entire home router/cpe market.
Start with crypto - no hwrng and a known "less than ideal" version of
/dev/random to feed your "secure" wpa and ssh sessions.Worse:
There is no privilege separation in most routers, which was ok when they were single function devices - BUT: not ok, when vulnerability via services like samba can be used to root most of the top 10 current home routers:
http://securityevaluators.com/content/case-studies/routers/soho_service_hacks.jsp
Once an attacker p0wns your home gateway they can change your dns to malicious sites, as dnschanger did:
or have it participate in botnets, or inflict further attacks on unsuspecting devices both inside and outside your firewall, or sniff your traffic - there is no security when your front door is left wide open.
What nearly every home router and cpe manufacturer is shipping is **rotware**, running 4-7 year old kernels with known CVEs, and 10 year old versions of critical services like dnsmasq. You'd think that new 802.11ac devices available for this christmas might have some modern software on it, but just to pick out a recent example - the "new" netgear nighthawk router runs Linux 2.6.36.4 and dnsmasq 2.15, according to their R7000 gpl code drop -
http://kb.netgear.com/app/answers/detail/a_id/2649
Brand new hardware - 4+ and 10 year old software respectively.
It's unfair of me to pick on Netgear, every router I've looked at this christmas season has some major issues.
Right now, the only current hope for decent security in home routers is in open, modern, and maintained firmware. And I wish the manufacturers (and ISPs, AND users, and governments) understood that, and there was (in particular) a sustainable model for continuous updates and upgrades as effective as android's in this market. I don't care if it came from taxation, isp fees, or built into the price of the device - would you willingly leave your networks' front door open if you understood the consequences?
Rotten routers with closed source code, and no maintenance, are a huge security risk, and they are holding back the ipv6 transition, (and nearly all current models have bufferbloat, besides)
How can the dysfunctional edge of the Internet be fixed?
-
Interesting statistics
Top infected ISPs:
- Comcast / AS7922 - 10211 unique IPs
- BSNL (India) / AS9829 - 13818 unique IPs
- France Telecom / AS3215 - 5075 unique IPs
-
Interesting statistics
Top infected ISPs:
- Comcast / AS7922 - 10211 unique IPs
- BSNL (India) / AS9829 - 13818 unique IPs
- France Telecom / AS3215 - 5075 unique IPs
-
Re:Yes, it should shut them down
http://www.dcwg.org/
It's been in every antivirus program update since January. It's been covered on every PC-related Web site out there. Facebook has been warning anyone who visits while infected about the problem since early June. It's been the Malicious Software Removal Tool Microsoft sends monthly through Windows Update for months now. The only people who don't know about the problem are the ones who've been willfully refusing to look at anything related to the security of their computers. Well, you can't safely do that. That's been, or should have been, common knowledge for the last 20 years. -
Re:ISP should warn themThat horse has long since bolted. The ISPs were notified, and it's also possible for them to check their IP space for infected hosts at the DNS Changer Working Group's website. The sad fact is that the ISPs in question have done the math and come to the conclusion that they can either:
- Notify their infected customers, at a cost of $x per customer, probably only to have most of their users either ignore the warning or contact the ISP's support line, potentially at additional cost to the ISP (unless they have a premium rate support service).
- Ignore the problem until the FBI's DNS servers are switched off, at which point, hopefully, many of the users will figure out the solution at no cost to the ISP reducing the burden on the ISP's support desk and costs. Hey, everyone has to keeps costs down, right?
Bonus douchebag points for any ISPs that have a large number of infected customers and have, purely coincidentally of course, moved support calls to a premium rate number in the last few months.