Slashdot Mirror
At Least 700,000 Routers Given To Customers By ISPs Are Vulnerable To Hacking
itwbennett writes: More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them. Most of the routers have a 'directory traversal' flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn't new and has been reported by multiple researchers since 2011 in various router models.
You seem to be under the assumption that your hardware, and your compiler are incapable of being attack vectors.
http://cm.bell-labs.com/who/ke...
After my Linksys started dying on a regular basis, I repurposed an old laptop that had been sitting untouched for years into an OpenBSD router. After fiddling with it for a while to get the settings correct, I switched out my old Linksys and haven't had so much as a hiccup since then. The 26 days uptime is ~19 more than my average with the crappy old Linksys, at the cost of a bit more power consumption. At some point I may upgrade my hardware to something lower-power, but so far I'm calling my experiment a sucess.
- "Nobody came out that night, not one was ever seen. But Old Man Stauf is waiting there, crazy sick and mean!"
Wow. You're absolutely right. They charge me $10/mo, and modems are less than $100. That's insane.
You seem to be under the assumption that your hardware, and your compiler are incapable of being attack vectors.
Possible attack vectors vs known attack vectors. I guess you could also add "likely attack vectors" since they keep getting compromised, and not updated. Of course, so does user home equipment.
The big difference is, if I own it, I can upgrade the software, and choose secure passwords. If I rent it, I have to trust that Comcast is a conscientious as I am. Stop laughing!