Dear Asus Router User: All Your Cloud Are Belong To Us

New submitter Trax3001BBS writes "Ars is running an article about a vulnerability of Asus routers that are becoming very popular at the moment for connecting USB devices to the Internet. From the article: 'An Ars reader by the name of Jerry got a nasty surprise as he was browsing the contents of his external hard drive over the weekend — a mysterious text file warning him that he had been hacked thanks to a critical vulnerability in the Asus router he used ... The guerilla-style hacking disclosure comes eight months after a security researcher publicly disclosed the underlying vulnerability that exposed the hard drives of ... Asus router users. ... According to Lovett, the weakness affects a variety of Asus router models, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Asus reportedly patched the vulnerabilities late last week...' And this old news, come new again: The Asuswrt Merlin ROM took care of this vulnerability months ago (defect #17)."

Re:Open Source is better.

[AlphaWolf_HK]

I've got an RT-AC66U myself and honestly I like tomato (shibby version) a hell of a lot better for it. Multiple reasons, but the biggest include:

The interface in DD-WRT is clunky; by that I mean they use a worse than MS Windows* style of individual fields for IP address octets so that you have to tab between fields instead of naturally typing it out in the dot notation like you do everywhere else; and if you change one setting that uses a refresh object it *very annoyingly* undoes any unsaved settings you may have made on that page. *(MS Windows is actually slightly better here because if you type in the dots it automatically moves to the next field, whereas DD-WRT does not, requiring you to tab instead, and if you make an error in a previous field you have to shift-tab and arrow to your mistake instead of simply hitting backspace.)

Tomato has really nifty links for doing things quickly. A beautiful example is like giving a MAC address a sticky dynamic IP address just requires a click, typing the IP address and desired hostname (for local DNS resolution if you desire) and then clicking save. With DD-WRT you have to go through numerous steps just to type in the MAC address.

DD-WRT's QoS functions, and its network monitoring and analysis functions are downright awful compared to tomato. Just straight up awful.

DD-WRT deliberately cripples certain features unless you pay for them (such as its QoS features, which even the paid version is worse than what Tomato offers for free.)

(Kind of hypocritical too because DD-WRT was originally built by a group that was tired of the Sveasoft guy hoarding his changes to the GPLed code to only those who paid him, but I don't count that against them because I'm more of a "I use what works" kind of guy.)

Then again I'm a hobbyist when it comes to networks, so I might have more stringent demands than anybody else.