Slashdot Mirror
The Desktop Security Battle May Be Lost
Trailrunner7 writes in with a Threatpost.com article that begins: "For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the good news is that the desktop security battle may be over. The less-than-good news, however, is that we may have lost it. Jeremiah Grossman, CTO of WhiteHat Security, said Thursday that many organizations, particularly in the financial services industry, have gotten to the point of assuming that their customers' desktops are compromised. And moving forward from that assumption, things don't get much prettier." It goes on to speculate about home routers being targeted and infected.
If you'd have read the article, you'd know that home networks are the new frontier for hackers and a big reason why security experts are giving up the desktop fight to focus on the network instead. From the article: "... it won’t matter if PCs are disinfected, swapped out, or replaced with iPads, the bad guys are still control because they own the network below." So the old Blame Windows standard won't work in this case.
Telus gave us this really crappy DSL/Wireless router. I never changed the admin password (admin/telus) on it, but I put a wireless password on it.
To quote the Mythbusters, "Well there's your problem!"
I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
The article states "These are all reasonable assumptions based on real-world attacks that have been going on for some time now. Attackers have been targeting home networking equipment for a couple of years, using a combination of vulnerabilities in the firmware and hardware to get control of home users' outbound Internet traffic". Links within the original blog post discuss botnets that are already attacking Linux-based routers
There's nothing "hypothetical" about this threat.