Routers Pose Biggest Security Threat To Home Networks
Nerval's Lobster writes "The remote-access management flaw that allowed TheMoon worm to thrive on Linksys routers is far from the only vulnerability in that particular brand of hardware, though it might be simpler to call all home-based wireless routers gaping holes of insecurity than to list all the flaws in those of just one vendor. An even longer list of Linksys (and Cisco and Netgear) routers were identified in January as having a backdoor built into the original versions of their firmware in 2005 and never taken out. Serious as those flaws are, they don't compare to the list of vulnerabilities resulting from an impossibly complex mesh of sophisticated network services that make nearly every router aimed at homes or small offices an easy target for attack, according to network-security penetration- and testing services. For example, wireless routers (especially home routers owned by technically challenged consumers) are riddled with security holes stemming from design goals that emphasize usability over security, which often puts consumers at risk from malware or attacks on devices they don't know how to monitor, but through which flow all their personal and financial information via links to online banking, entertainment, credit cards and even direct connections to their work networks, according to a condemnation of the Home Network Administration Protocol from Tenable Network Security. Meanwhile, a January 2013 study from Rapid7 found 40 million to 50 million network-enabled devices, including nearly all home routers, were vulnerable to exploits using UPnP. Is there any way to fix this target-rich environment?"
If only there were an easily upgradeable open source router operating system to which vendors could add support for their hardware leaving long term maintenance to a larger community.
http://www.dd-wrt.com/site/ind... Why not right?
Pentesting the custom firmwares from projects like OpenWRT/DD-WRT/Tomato etc?
Misconfigured devices are insecure? Who'd a thunk it.
I'd vote that end users pose the biggest security threat to home networks, anyway.
I have PFSense running on a virtual server, which I recommend to anyone. Perhaps not on the virtual server... it kind of adds a layer of complication that most people probably wouldn't care for, but it works well enough.
http://www.pfsense.org/
Hopefully no huge flaw comes out on that without me noticing. That would be embarrassing.
There are ten kinds of people in the world. Those who understand binary, and those who... Huh?
I bet everyone is busy writing smug comments about closed source firmwares, but let's not forget that DD-WRT have had a similar bug. http://www.xtremesystems.org/forums/showthread.php?230880-Massive-DD-WRT-Security-Hole-%28Unauthenticated-Root-Control-Possible%29
I don't actually know if it matters or not but I prefer Apple over other wireless routers because it's so damn braindead easy to keep them patched. Apple just pushes out firmware updates (rarely). Every other router I've owned it was a struggle to figure out if it needed a patch, how to do it. Moreover it was a source of worry even when there wasn't a problem which alone was worth any relatively small cost differential.
Some drink at the fountain of knowledge. Others just gargle.
I feel that all those links to WRT/PFSense/M0N0Wall/Tomato/etc are kind of redundant.
Sufficient to understand, that the underlying concept of UPnP is an abomination; a sick and distorted concept that deserves nothing less than an immediate death sentence, and to be buried along with The Funniest Joke In The World; never to be resurrected again.
Yes, this is /. We can upgrade our router firmware or install other firmware. Joe Sixpack cannot.
The blame for this should be laid squarely at the feet of the router manufacturers. IMHO, here's what Linksys/Cisco/Netgear/etc/etc/etc/ should do, at the very least:
1. Be open and forthcoming about bugs found in their router software
2. By default, routers should ship with automatic firmware updates enabled. This should be difficult to disable and robust enough that it'll *just work* with no user intervention.
3. Tell this to their customers in plain English or $localLanguage on the product packaging. And NOT in fine print. Make it very obviously noticeable to the purchaser. This can and should be a significant selling point, really. If I'm at BestBuy/WalMart/etc. and see one router boldly telling me "We care about your security! To protect you and your data, this router will check weekly with $manufacturer and update itself to give you the most secure Internet experience possible." And it's sitting next to another router that says no such thing, I'd buy the one that will keep me safe.
"Reuters Pose Biggest Security Threat To Home Networks"
I resisted wireless as long as I could because of this very issue. I can turn on my computer and see a dozen networks, and I live in the suburbs. Unfortunately, convenience and devices I wanted to use finally required it (can't use an iPad without wireless), so I caved a few years ago. Thankfully, I learned long, long ago that if I didn't want something on the Internet, I didn't let it near an Internet connected computer. I have an old laptop I use for personal things that is not connected to any internet whatsoever, and if I need to move files it's on a burned, finalized CD. Sure, it can still be read semi-remotely if someone wants to invest in that magnetic scanning tech that can read what data you are writing to your hard drive, but a) I don't have anything that would be THAT valuable to anyone, and b) if someone was going to use that on me, I've got far greater things to worry about.
In line with the PFSense comment, I'm running IpCop. It's arguably less maintained than pfs, but it does the job and likely stays off the radar due to the small user base. It'll also run on virtually any old machine you have lying around, so there's really no need to virtualize (other than a few saved watts / ft).
design goals that emphasize usability over security
I wonder why usability was able to sell more than security? Hmm. Let's think about that.
Meanwhile, a January 2013 study from Rapid7 found 40 million to 50 million network-enabled devices, including nearly all home routers, were vulnerable to exploits using UPnP.
Man, and I can't get my home router to do UPnP. It's bad that UPnP allows for the configuration of the router to come from a machine outside of the network, but that should get fixed and UPnP should be able to start behaving like it is designed to.
with millions of suspected users all online at once 24/7 it's hard to resist wondering what the need to break in is about?
Commercial, closed-source products just tend to have these problems and it's pie-in-the-sky to wish for a vendor to produce a secure product. If you want it secure, probably your best bet is an open source, open hardware mini server (like cubieboard or Raspberry Pi) and you're going to have to learn to do it yourself.
After I found that my ASUS RT-15U was running telnet with a default password, open to the world which I couldn't kill or change the password on, I swore off embedded device routers.
I have replaced it with a small Debian box with dual NICS, and bought a 24port switch from TPLINK. It was the best decision I have ever made. Perfect reliability, complete control, via IPTABLES. I've got auto blocking of malicious ips trying to hit my ssh or port scanning me via DenyHosts and PSAD.
A couple other custom scripts and DNSMASQ, dhclient, snort, and python, and I have all the other services and features I want, and ONLY the services and features I want.
Man, and I can't get my home router to do UPnP. It's bad that UPnP allows for the configuration of the router to come from a machine outside of the network, but that should get fixed and UPnP should be able to start behaving like it is designed to.
Considering UPnP is broken by design, that's not really an improvement. Replacing a security hole in the router by a hundred apps that want their own ports to expose their own security holes to the Internet doesn't help much.
Forgive me if I'm wrong, but wasn't OpenWrt based on this same firmware? Or is this bug with the VxWorks-based firmware that Linksys later switched to?
The default password, when it is the same default password across all units of the same model or even the same manufacturer, is easy to exploit. Any website can send the user's browser some code that instructs it to attempt to log in via the user's router's web interface with the default password. It works because the user's browser is behind the firewall and therefore "trusted". Once logged in, it's trivial to reconfigure the router to open up all kinds of holes. Harder but still doable is getting the router to host and run malware itself.
The admin password is the first thing I change on a new router. Manufacturers who still don't individualize the factory set password are responsible for a lot of these problems.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
what about http://www.ipfire.org/ ? Needs a bit more grunt than dd-wrt but it is very easy to upgrade....
If only there were an easily upgradeable open source router operating system to which vendors could add support for their hardware leaving long term maintenance to a larger community.
If only it supported routers with built-in ADSL (which was the dealbreaker last time I looked at DD-WRT - and it took me some digging to discover that was why none of the routers I wanted to use it on).
If that's since been fixed - and supports a router I can actually buy somewhere - then mod me happy.
Personally, I could put together a low-power Linux box, get an ADSL modem, an ethernet switch, wireless access point (sounds like Belinksysco crap would be just as big a liability in WAP-only or modem-only mode) but (a) that's replacing 1 always-on box with 2-3 always-on boxes (b) there's the non-zero chance that I could screw up and (c) it doesn't really help joe public who need a reliable, secure plug-and-go box.
Any trustworthy all-in-one ADSL Modem/Routers/WAPs out there?
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
I dispute the post's assertion that home routers are designed for usability. The interfaces for home routers are typically confusing, slow, awkward, undocumented, ugly, not discoverable, poorly conveying, and inconsistent.
-Cosmotic
So this article is saying that routers are *bad* things for security right? Not so fast...
In my view, having a router, even an imperfect one, between you and the internet is a *GOOD* thing for security. Yes, routers might be security risks, but NOT having them is even WORSE of a risk.
Does *anybody* out there remember what it used to be like? It wasn't that long ago that the standard internet connection was for ONE machine and used a PPP connection that pretty much put your Windows (mostly) box directly on the internet. When all this got started, we didn't even have software firewalls. Imagine having a windows 95 box with all the standard services on a routeable IP address. It WAS extremely risky. I remember having unsolicited popups coming up all the time and bothering me with all manner of advertisements. It was a mess and security was extremely lacking.
But then we have the dawn of consumers using routers and doing all the same exploits became harder because of the NAT. Then routers added stateless firewalls, then stateful firewalls and closed many of the avenues used by the "bad guys" to gain control of your system.
Consumer grade routers have been a HUGE boon to network security in the consumer world. Do they have flaws? Many do, but their contribution to overall security is worth more to me than the risks they may pose. Give me a router, even a flawed one, over nothing. Making the bad guys work harder is a good thing for security, and a flawed router does that.
It's not that we shouldn't be discussing how routers should be made more secure. Obviously we want them to improve. It's just that we cannot lose sight of how far we've come BECAUSE of these things.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
the biggest security threat to computers is the user. users improperly configure things, won't take security precautions (like using weak passwords) and will outright download viruses/malware. far too many users are not competent enough to tell the difference of a real popup window and a website claiming they have a virus and they need to install their trojan horse immediately.
Anons need not reply. Questions end with a question mark.
I seriously doubt that Belkin will put out firmware updates for all the old $50 Linksys router models they inherited support for--instead opting to push users to buy replacement models they otherwise wouldn't need. The likely answer is NO--even with a class-action lawsuit. (In all actuality, a 2006-era 2.4GHz 802.11G WPA2 router is still more than plenty for the crappy broadband speeds available in North America...)
This is what scares me about the Internet of Things when it comes to long-life appliances that you could own/use for decades... How long will manufacturers (many of whom have 0 experience so far with connecting their products to anything but a power cable) continue to support these devices? Ultimately, government regulation may be required in this space. God knows I wouldn't want my IoT refrigerator to get "bricked" (a really heavy, big brick!) after 20 years because the manufacturer went under & the fridge couldn't phone home... Or worse, because someone found a backdoor that had been in place for all models in use for 9 years before my model was developed...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Is an Ubuntu machine with three NICs. The firewall is configured with the Shorewall utility. It only needs to be rebooted for kernel updates.
NAT should set up a rule to allow your machine to get packets as long as you send some packets there first. Unless your game machine is acting as a game server and getting packets from many hosts, it should just work. Otherwise, you could/should set up a port forward to your internal machine.
I have been thinking this about the internet of things as well. Then when they roll out IPv6 we can put all of our extremely dated hardware directly on the internet!
there are options for more secure but they fight the hardware hackers instead of embracing them. If they would reach out to the communities and work with them or PAY these groups like OpenWRT to write their firmware they would end up with a better product.
Do not look at laser with remaining good eye.
True, but in my days of playing Starcraft and Warcraft 3, connecting to Battle.net and hosting a multiplayer map resulted in your computer beginning to listen for new connections on a port. I had to configure port forwarding to allow connections to come through. Technically, this would be a game server in a sense, but it's an example of something even a casual gamer/user would do.
It does not matter what kind of hardware or software you have or use; without knowing what the best security practices are you will be vulnerable. People just want something easy to use. A good example is UPnP. Used improperly it can open up the network to all kinds of vulnerabilities, but people are willing to sacrifice their security because they don't want to take the time to learn about proper port forwarding. So the problem will continue until people take security seriously. Having said that, there is nothing wrong with OpenWRT, DD-WRT, or Tomato firmwares, but without knowing how to set them up securely it's still a huge problem. Lack of and misunderstanding of information does not help either; a lot of these communities associated with these firmwares have very poor documentation.
Chris Sheppard
Are those results of the tests trustworthy?
Don't forget to hard disable the microphone on the laptop if it has one. There is a malware that can communicate using high frequency sound, from a networked machine to un-networked one.
I think that is about as likely as getting molested by a unicorn.
Seriously folks, I'm all for reasonable amounts of security but this sort of thing is just hide under the bed paranoia.
This sort of issue is why the Free Software Foundation was created. It wasn't because Stallman had some kind of political agenda, it's because he wanted to fix the driver for his printer, but couldn't because it was proprietary. The "Internet of Things" has the exact same problem, and the exact same solution.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I seriously doubt that Belkin will put out firmware updates for all the old $50 Linksys router models they inherited support for--instead opting to push users to buy replacement models they otherwise wouldn't need. The likely answer is NO--even with a class-action lawsuit. (In all actuality, a 2006-era 2.4GHz 802.11G WPA2 router is still more than plenty for the crappy broadband speeds available in North America...)
This is what scares me about the Internet of Things when it comes to long-life appliances that you could own/use for decades... How long will manufacturers (many of whom have 0 experience so far with connecting their products to anything but a power cable) continue to support these devices? Ultimately, government regulation may be required in this space. God knows I wouldn't want my IoT refrigerator to get "bricked" (a really heavy, big brick!) after 20 years because the manufacturer went under & the fridge couldn't phone home... Or worse, because someone found a backdoor that had been in place for all models in use for 9 years before my model was developed...
In your bricked appliance scenarios, the vendors would do exactly what they would do today for older appliances that do NOT have internet connectivity.
They would laugh in your face at the thought of them giving you ANY support after a decade of ownership, and tell you to get your ass in the store for the "fix".
Sorry, but name something in this world that has a warranty beyond 5 years. It simply doesn't exist anymore, and therefore your "long term" argument is pointless from a support perspective. You'll either pay someone to fix your old shit, or you will kindly get in line like all the other consumer sheep and go buy a new one to replace your disposable appliance.
And the Internet of Things won't change that a damn bit.
Yeah. Script injection to do CSRF with DNS rebinding.
http://media.blackhat.com/bh-us-10/presentations/Heffner/BlackHat-USA-2010-Heffner-How-to-Hack-Millions-of-Routers-slides.pdf
I like my Smoothies. You can also physically separate your wap's from your wired network.
F everyone else if they are going to crank out a bunch of crappy routers that have more in common with a steaming turd than electronic hardware that's supposed to be a secure hardware layer.
If the router allows packets on the LAN side with its WAN-side IP to access its LAN side services (take a moment now, if you need it), then a remotesite.com that resolves to both the attacker's site and to the WAN-side IP of the router can coax the browser into accessing the router's local services. Some DNS systems protect against this. No browser can.
http://media.blackhat.com/bh-us-10/presentations/Heffner/BlackHat-USA-2010-Heffner-How-to-Hack-Millions-of-Routers-slides.pdf
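The two defences this comment points at, sketched as an added example that is not part of the thread: a resolver-side answer filter that also treats the router's own WAN address as off-limits, and a Host-header check for the router's admin interface. All addresses are constructed, and the `lan` suffix and allowed host names are assumptions.

```python
import ipaddress
from typing import Iterable, List, Set

# Ranges a public name has no business resolving to (loopback, RFC 1918,
# link-local and their IPv6 counterparts).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_rebind_target(addr: str, wan_ip: str) -> bool:
    """True if an answer points inside the LAN or at the router's WAN side."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so a mapped address cannot dodge the IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # The case from the comment: a public name resolving to our own WAN IP.
    # Private-range filtering alone misses it, because the address is public.
    if ip == ipaddress.ip_address(wan_ip):
        return True
    return any(ip in net for net in INTERNAL_NETS)


def filter_answers(qname: str, answers: Iterable[str], wan_ip: str,
                   local_suffixes: Iterable[str] = ("lan",)) -> List[str]:
    """Return only the answers a LAN client should be handed for qname."""
    name = qname.rstrip(".").lower()
    # Names under a local suffix (assumed: "lan") may point at LAN hosts.
    if any(name == s or name.endswith("." + s) for s in local_suffixes):
        return list(answers)
    return [a for a in answers if not is_rebind_target(a, wan_ip)]


def host_header_allowed(host_header: str, allowed_hosts: Set[str]) -> bool:
    """Router-side check: serve the admin UI only for names the router owns.

    A rebound request still carries the outside name in Host, so it fails
    here even when the DNS layer let the answer through.
    """
    host = host_header.strip().lower().rstrip(".")
    if host.startswith("["):                 # [ipv6]:port
        host = host[1:host.find("]")]
    elif host.count(":") == 1:               # name:port or ipv4:port
        host = host.split(":")[0]
    return host in allowed_hosts


def demo() -> dict:
    wan_ip = "203.0.113.5"                   # constructed WAN address
    allowed = {"192.168.1.1", "router.lan"}  # assumed admin UI names
    return {
        # remotesite.com answers with its real server plus the router's WAN IP
        "rebind_filtered": filter_answers(
            "remotesite.com", ["198.51.100.20", "203.0.113.5"], wan_ip),
        "private_filtered": filter_answers(
            "remotesite.com", ["192.168.1.1", "::ffff:10.0.0.1"], wan_ip),
        "local_name_kept": filter_answers(
            "printer.lan", ["192.168.1.50"], wan_ip),
        "ui_direct": host_header_allowed("192.168.1.1:8080", allowed),
        "ui_rebound": host_header_allowed("remotesite.com", allowed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```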
From where he libeled me before this post http://yro.slashdot.org/commen... and I made him "eat his words" there in the post parent to mine in that reply using verifiable facts with people in the security community!
Lumpy ran like the weasel he is after that. Figures. He talks big on many things but when push comes to shove? You see Lumpy do a "Run, Forrest: RUN!!!" like he is now avoiding this test of mine to see if he has been downmodding my posts for years here as I suspect.
He hasn't (& I suspect he WON'T reply using his registered user account LUMPY on slashdot here -> http://games.slashdot.org/comm...
(Since I am nearly sure he has been doing what he did there to me, for years directed my way - downmoderating my posts "hit & RUN" (Forrest, RUN, lol) style...)
APK
P.S.=> We'll see IF he does (he could have done those downmods using sockpuppets too possibly, but I don't think he's that smart in this case) - if he doesn't? He only proves me right, as usual...
... apk
This is an honest question.
Is there any penetration testing or statistics that suggests that dd-wrt and the likes are more secure, or is this an it-runs-Linux-so-it-must-be-good knee-jerk assumption?
I used to run dd-wrt on a router some years ago and liked it feature-wise and performance-wise. However, my confidence in its security took a pretty big hit when I read about this gaping security hole in 2009. It's the kind of issue that makes you doubt that some of the developers really know what they are doing.
Food usually works. If not that, there is always money.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
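# Default-deny on every chain; -P takes only a chain and a target, so loopback gets its own rules
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT #OpenVPN
# Mark packets from processes running as the proxy user; only those may open new outbound connections
iptables -t mangle -I OUTPUT -m owner --uid-owner proxy -j MARK --set-mark 1
iptables -A OUTPUT -j ACCEPT -m mark --mark 1
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED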
Absolutely no need for new outgoing connections from localhost, or any outgoing connections from any internal machine that are not set up to use the proxy.
We don't do blind proxying, and the proxying rules are also incredibly strict.
I think the grandparent's point is that even if official support doesn't extend for the life of an appliance like a refrigerator, it remains useful after the support expires. Especially if we buy appliances of high quality, we have a reason to expect that they'll probably chug along usefully after the warranty runs out. Warranties were never supposed to imply that this device will work for exactly x-many years. It's a guarantee that it will work for at least that long. But if these are "smart" devices that outlive their software support, then the hacking wolves of the internet can take them down even if the compressors and motors are working fine. Tech support will tell you that your only alternative is to buy a new fridge, which is immune to the hack that turned the old one into a lettuce-freezing spambot. Of course, once it's off warranty, you'll again be on your own against the wolves of the day, and it won't be long before you'll need yet another new fridge.
NAT is a general concept, not a standard. One NAT may implement exactly that, but others may not. This is something hard for programmers to design for.
I agree, except it's better to push people on to 802.11n in the 2.4Ghz space; it uses the radio space more efficiently and won't slow down your neighbours. It also adds range and reliability. Considering most complaints aren't going to be about the routing performance but the wireless coverage, upgrading to n would be a boon for many, especially dual-band if their devices can run on 5Ghz.
Now there's one hoopy frood who really knows where his towel is!
I think that programmers are going to assume they can talk to the remote host, and then timeout/fallback when that communication fails to take place correctly. If you are going to connect to a server either with tcp or udp, you are going to do a gethostbyname and then send a packet. The NAT appliance is going to see the packets and set up its translation table so that outgoing packets get re-written with the correct source address/port. And the incoming packets from the dest/port are going to get re-written to talk to the client program.
What messes things up is that the client has to push through the NAT first to set up the translation table. Which works fine unless you are acting as a server and are waiting for an unknown host to talk to. Then the translation table is empty, and your firewall is blocking everything.
UPnP is a way to create servers without doing administration on the firewall. The application is not aware of any of this unless it tries to use UPnP to poke a dynamic hole in the firewall.
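The translation-table behaviour described in this comment, as an added example that is not part of the thread: a toy NAT in which outbound traffic creates the mapping, unsolicited inbound traffic finds the table empty, and a port forward (what an administrator or a UPnP request installs) admits anyone. It models one filtering behaviour among the several that real NATs implement; the addresses and port 6112 are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class Nat:
    """Toy NAT with address-and-port-dependent filtering."""
    wan_ip: str
    next_port: int = 40000
    # (proto, wan_port, remote endpoint) -> internal endpoint; made by outbound()
    flows: Dict[Tuple[str, int, Endpoint], Endpoint] = field(default_factory=dict)
    # (proto, wan_port) -> internal endpoint; made by admin or a UPnP request
    forwards: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)
    # (proto, internal, remote) -> wan_port, so a flow keeps its WAN port
    out_index: Dict[Tuple[str, Endpoint, Endpoint], int] = field(default_factory=dict)

    def outbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Client sends first: allocate a WAN port and record the flow."""
        key = (proto, src, dst)
        if key not in self.out_index:
            wan_port = self.next_port
            self.next_port += 1
            self.out_index[key] = wan_port
            self.flows[(proto, wan_port, dst)] = src
        return (self.wan_ip, self.out_index[key])  # rewritten source

    def inbound(self, proto: str, src: Endpoint, wan_port: int) -> Optional[Endpoint]:
        """Return the internal endpoint to deliver to, or None to drop."""
        hit = self.flows.get((proto, wan_port, src))
        if hit is not None:
            return hit                     # reply on an established flow
        # No flow: only a static forward lets a stranger in, from any source.
        return self.forwards.get((proto, wan_port))

    def add_forward(self, proto: str, wan_port: int, internal: Endpoint) -> None:
        self.forwards[(proto, wan_port)] = internal

    def remove_forward(self, proto: str, wan_port: int) -> None:
        self.forwards.pop((proto, wan_port), None)


def demo() -> dict:
    nat = Nat(wan_ip="203.0.113.5")          # constructed addresses throughout
    client = ("192.168.1.10", 51000)
    server = ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 33333)
    out = {}

    wan_src = nat.outbound("tcp", client, server)
    out["rewritten_source"] = wan_src
    out["reply_from_server"] = nat.inbound("tcp", server, wan_src[1])
    # Another host aiming at the same WAN port does not match the flow.
    out["stranger_on_flow_port"] = nat.inbound("tcp", stranger, wan_src[1])

    # The client now hosts a game on 6112: nobody was contacted first,
    # so the table has nothing for this port and the packet is dropped.
    out["unsolicited"] = nat.inbound("tcp", stranger, 6112)

    # A port forward opens 6112 to every source on the Internet.
    nat.add_forward("tcp", 6112, ("192.168.1.10", 6112))
    out["forwarded"] = nat.inbound("tcp", stranger, 6112)

    # Removing the forward closes the hole again.
    nat.remove_forward("tcp", 6112)
    out["after_removal"] = nat.inbound("tcp", stranger, 6112)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```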
Where you libeled me & ran when I used facts vs it -> http://yro.slashdot.org/commen...
(You sure "talk a good game" -> http://games.slashdot.org/comm... but you can't even produce a MERE SCRIPT, for Pete's sake...!)
You aren't even on the level of a "script kiddie", & full of HOT AIR, windbag!
* :)
(You know it, I know it, & so does anyone reading AND laughing their asses off @ you now... lol!)
APK
P.S.=> Answer the question in the subject-line Lumpy - & WHY won't you reply as Lumpy your registered user account name here on slashdot in the next link I posted below?
Is it since it will remove the unjustifiable downmods you applied to my other post here -> http://games.slashdot.org/comm... IF you post as your registered account here on slashdot of Lumpy?
I think so.
Yes - I suspect that IS the case here (simply logging out of a registered account & trolling by ac is a common troll trick around here OR using alternate registered 'luser' accounts sockpuppets to do the job will also, & Lumpy is LOADED with those & trolling - which doesn't matter: He PROVES he's all talk, no action (or skills, OR brains, lol))...
... apk
God knows I wouldn't want my IoT refrigerator to get "bricked" (a really heavy, big brick!) after 20 years because the manufacturer went under & the fridge couldn't phone home...
No problem there. No refrigerator built today will last longer than 8 years.
The part of a "home network" that is connected to the 'net is the biggest threat?
It's also the part that's doing the simplest thing (assuming you haven't networked your light switches). No bumbling grandma clicking every popup in sight, no kids downloading their warez. A router should be a rock-solid appliance that shouldn't be able to be "hacked" in any meaningful way without physical access.
Bottom line, it's surprising - or at the very least troubling - that routers are such a security problem.
Last post!
My current ISP uses VDSL2 for all their current plans, and they only offer modem+router combos (and refuse to even allow you to put them into bridge mode). The problem is that VDSL2 requires a cert from the ISP to work, so even if I could find a compatible VDSL2 standalone modem I wouldn't be able to use it.
There is only one other primary ISP available to me, and they are a cable provider, and also only offer modem+router combos. At least for them they'll remotely put their device into bridge mode, but you're still stuck with a router connected to the internet in your home and you just have to trust them that it'll be fine (and I've heard they're far from stable).
It seems like my only options if I want to run my own router hardware are to pay for an expensive business plan (I mean, at least I hope they still offer modem-only solutions for businesses) or to just stick with my old ADSL plan. It's slow, but I can use my own router with their inoffensive standalone modem, and as a bonus my plan is old enough that I don't have usage caps, unlike seemingly every other plan in Canada now (unless you pay an extreme additional premium).
I remember sigs. Oh, a simpler time!
Just read where Belkin routers have an exploit to access USB drives hooked to their routers. Go figure, the security of routers is broken. Manufacturers make routers stupid proof for idiot consumers who can't read or understand directions. Heck, it's why for years wireless routers came out of the box with wireless security turned off. So idiot people could connect to their router and not waste countless hours with tech support.
Two things not to do with a router, don't turn off firewalls, don't hook anything to them except through Wireless secure connections and LAN ports.
These router makers use rather weak and poorly thrown together firmware. It's why so many of them issue a lot of revisions of firmware just to fix all the crap that breaks.
It's not a question about warranty or even availability of replacement parts, it's a question about opening themselves up to extremely long support schedules, something they have never had to do before. If I call an appliance repairman for a 40 year old fridge, he'll likely be able to find the right replacement part... But that model no longer holds true in IoT. Look at cars (at least in the US)... Auto manufacturers have taken on the responsibility that all of their past models could face a recall, even 15+ years after the fact. (NHTSA still opens cases for cars sold in the '90s). The same would have to be said about Internet-connected devices--specifically household appliances.
The problem is that we're talking about operating systems, web hosting software, network stacks, databases, device drivers, etc., that would need to be supported for, easily, 20+ years. Think back to 1994--what software that existed then is supported now??? NONE. So, imagine you buy in 2014 an IoT refrigerator full of the latest & greatest Android 4.4.x and/or Linux 3.13.x FOSS software--what sort of support would you expect for any of that in 2034??? Would you expect Amana, GE, Kitchenaid, Electrolux, Miele, Kenmore, etc., engineers to be fixing Linux 3.13.x kernel security holes in their 20-year old appliances? FOSS or not, as a consumer, I would expect that appliance to continue to work & not get bricked by malware that was deposited remotely...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Relax, don't worry, be happy. The "Internet of Things" is a fad. It will disappear without a trace soon enough, and then you won't have to worry about 10- or 20-year update support for your fridge.
IoT isn't even a particularly new idea. I'm pretty sure I was hearing about the inevitable domination of internet enabled kitchen appliances ten years ago. It didn't happen then, and it's not going to happen now, because...
Starry-eyed idealism: ANDROID IN THE FRIDGE IS A WHOLE NEW PARADIGM OMG!! It will change how we do EVERYTHING!
Reality: Android in the fridge is dumb. If you buy a fridge with android in it, it will be about a month before you get sick of fucking with the android device every time you open the fridge just so that it can "automatically" notify you when you've used something up. And don't believe anyone who tries to sell you the idea that "sensors" can perfectly ID everything that goes in and comes out.
Maybe I'm too cynical, but to me the IoT fad is a classic case of mistaking the existence of high geek-appeal solutions as proof that there are real problems which average people will pay money to have solved.
I agree with you, in theory. In practice, however, nobody is fixing bugs/security holes in obsolete platforms. Let's say the IoT existed in 1994 & you bought a new Kenmore IoT fridge running Linux 1.x. Fast forward to 2014--who today is doing anything with the Linux 1.x kernel? Nobody--including Kenmore support engineers. Your fridge was pwned probably 15 years ago...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Considering UPnP is broken by design, that's not really an improvement. Replacing a security hole in the router by a hundred apps that want their own ports to expose their own security holes to the Internet doesn't help much.
I feel like I can be responsible for anything that runs on my machine, so I'm okay with that.
In 1998, I purchased a computer running Windows. Shortly afterwards, I installed Linux 2.2 and a webserver on it. Strangely enough, the computer is still working, is running a modern kernel with full support for the hardware, and somehow managed to avoid being pwned at any point in the intervening 15 years.
The nice thing about open-source software is that you generally don't need to run obsolete software on ancient hardware. That Kenmore IoT fridge would probably run a Linux 3.x kernel without problems, as long as the software was genuinely open-sourced.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
If your product can not be reasonably or safely configured by its target market, then while it is tempting to blame the individuals, it is the manufacturer who has failed.
Yes consumers failed, and consumer groups, it is, or should be just as much our responsibility, as well as these [reminding you how untrustworthy companies are] companies to make sure they stop short cutting product security. Putting in, as worthless as this has shown time and time again, a regulating body with heavy fines and/or incentives for creating bad/good security may deter this. Then again look at the lack of security within government and my idea pretty much would be for nothing.
I go back to the argument that people should get together, organizations, watch groups, security researchers, and start filing massive lawsuits against these companies. Since the internet was unleashed on the masses we continue to put up with story after story on gaping holes that companies ignore, and/or they are {pathetically} worried about people not buying the product because they feel it isn't "user friendly". This stuff should be left to people that can be certified to install it and then set it up to the user's needs, certified because should the installer decide to abuse his knowledge and exploit the systems [an inside man for hackers] he can also be held accountable.
The arguments over who is responsible for everyone. And we really shouldn't even be discussing this if proper agencies or regulatory bodies were in place to stop this, or at least minimize it.
To send trolls a CLEAR message: Your bogus downmods "advantage" just *might* be one you can screw with others with, but NOT me (Lumpy libeling me & having it exposed to "name & shame" him WAS necessary - & yes, it worked: He's been posting like MAD all month, but after that yesterday? He's gone "silent"... so, yes, it was effective AND IT WORKED - I've dealt with wannabe bullies ALL MY LIFE (I grew up & live in a pretty bad violent urban environs, & you learn fast to take on bullies to take them out, & usually once you give them a GOOD PUNCH IN THE NOSE or JAW they stop... might take more than one, but it works, ALMOST every time...get it? Good!). So, when you downmod bomb me (which happens here quite a lot, the majority of the time on my posts on hosts especially, and I don't spam them - I only post them WHERE THEY ARE PERTINENT or APPLY... funny, no one EVER 'bitches' on all the AdBlock ones though, eh? Is that because it's "Open Sores"? Well, it's inferior & doesn't DO as much, point-blank, period... & if others can do that, then, so can I on hosts... or is there a "double-std." here when it comes to "Open SORES" crap vs. anything else? Is that what the deal is here?? Fuck that!)
APK
P.S.=> I find it "odd" (not, just another discriminatory example of b.s. here) I had to bust my message up into 3 parts here, but you didn't have to... apk
Continued from -> http://slashdot.org/comments.p...
No, your downmod bombing advantage was one I wanted to send a message on too... for a year, I wouldn't allow myself (sort of a personal promise to NOT abuse power I always had, just to see how I'd fare without it (call it not wanting to be the NSA with absolute power corrupting absolutely, but this time I had to use it)) to NOT use what I could always do (post unlimitedly) - but when that FOOL Lumpy libeled me & I'm told "Oh, that's OK" NO, it is not... it is an attempt @ damaging my professional reputation & that IS the worst form of libel... I had to shit all over him exposing him in doing it, and yes, he's ceased posting... it works. Name & Shame is just as good as a punch in the face of any bully I found out).
So, the b.s you're feeding me, based on the results here? IS B.S. from YOUR end LUMPY (yes, it's you, I am nearly certain of it)... funny Lumpy also won't post where I dared him to as well - he KNOWS it will show everyone here that when my downmods disappear from a thread he was the parent in, the downmods will disappear, and it will also be PROOF he cheats the moderation system (ie afaik you cannot downmod in a post using a registered username & then come in again as that username & post without removing all your downmods you put on others).
APK
P.S.=> Last part's coming up in seconds & it IS THE MOST IMPORTANT PART (what this site really needs to stop trolls, but only thing is, I don't think they WANT them stopped)... apk
NAT should setup NOT a rule to allow your machine to get packets as long as you send some packets there first.
That's not a VDSL thing, that's due to the way your ISP has implemented it (AT&T I am guessing).
I'm in the UK, I have VDSL2, and while they currently supply their own modem (and would rather you used it, but they don't stop you using something else), they are going to provide another option where they don't provide the hardware, they leave it up to the ISP who is buying the connection (or the end user if the ISP doesn't want to). Users on older connections can still use other VDSL2 modems if they want, but it isn't that necessary because the telco supplied modem works well and is just a simple ethernet bridge.
The router that you connect to that modem has to speak PPPoE with simple username/password authentication, so basically anything will work as long as it has ethernet (and/or a built in VDSL modem). No certificates or complicated setup needed.
Continued from -> http://slashdot.org/comments.p...
As to your "wannabe shrink" advice? Care to show us your qualifications?? YOU Lumpy, don't have them - period. Then again, that's libelous too, now isn't it?? You're a REAL PRIZE pal, you have NO regard for laws do you, you little shit???
Odd you stopped posting though after I exposed you libeling me though isn't it -> http://yro.slashdot.org/commen... after you've been on a "posting spree" for months now, funny you cease suddenly eh? Not - it had to be done, a little "name & shame" with facts & truths you can't dispute.
No more than anyone here can on my hosts posts (issuing bogus downmods on them, but nobody does on adblock posts & it's SHIT compared to hosts - anyone doesn't *like* that? They're FREE to debate me in my hosts posts, I freely declare it there... only thing is, you've given up even *trying* that since I scorch your asses each time you do, & you KNOW it, hence the hit & run downmods from Lumpy, and yes, you Lumpy won't post where I asked you to since I suspect it WILL show you cheat the easily cheated so-called moderation system here).
APK
P.S.=> Slashdot's BIGGEST problem? You can't face an accuser (even courts of LAW allow that) with downmodders. That says WORLDS about this place, no id'ing the 'detractor/attacker' & it says WORLDS about those who designed it, 1 of 2 things (both are no good): First, it says they are deceitful little backstabbers who operate that way themselves, OR, secondly, that they LIVE ON FIGHTS & arguments (like newspapers do well on, controversial topics, knowing how oddly, even people who hate fighting (me believe it or not, but has to be done @ times) will watch one... & they LIVE on views/posts here or any website, but most allow you to see who your detractor is when that happens on post ratings... NOT this place - THAT needs a fix, bigtime)... apk
Might be me, but I doubt it.
Mapping might be a better word
I use Mikrotik routers at home and in SOHO environments. They have models in all price ranges and are extremely powerful for what you are paying. They run a custom version of Linux (RouterOS) on their proprietary boards which use very little power.
Everyone is: Anyone you MEET, knows more about something than YOU do... we're all idiots, & we're all experts, in something... & the MORE I know/learn? The more I find out I have to learn - especially in computing.
Now I do know 1 thing: When someone LIBELS me, clearly? I am not going to "sit around & take it", especially when it's designed to ruin my professional status OR reputation, e.g. -> http://yro.slashdot.org/commen...
Which THAT, the post parent to it, CLEARLY is (just for me posting FACTS Lumpy couldn't dispute I posted parent to HIS libelous reply to that post parent to his of mine).
Got it? Good...
APK
P.S.=> I wrote the moderation staff here today with a question, & am awaiting their answer/decision - whatever it is? I will ABIDE by it too (unlike you scumbags around here, Lumpy)... apk
But you bought an off-the-shelf PC in 1998 with standard components. I'm talking about a (mythical) fridge with unique components, unique software, unique drivers, etc. Sorry, but an IoT device will likely never run more than a "+ 0.1" version higher of an underlying OS & related software ("+ 0.2" for Linux)--given track records of manufacturers working on old products. They won't open source everything for fear competitors would use it competitively against them. To add, even if they did open source the whole IoT fridge, you're assuming that someone would actively pick up the project... Simply open sourcing something & dumping it on the Internet doesn't mean anyone's actively interested & working on that project.
Windows 3.1x calc: 3.11 - 3.10 = 0.00