Slashdot Mirror


The Internet of Compromised Things

An anonymous reader writes: Jeff Atwood has a post about a security threat that's becoming more prevalent every day: spreading malware through a compromised router. "Router malware is the ultimate man-in-the-middle attack. For all meaningful traffic sent through a compromised router that isn't HTTPS encrypted, it is 100% game over." He links to a thorough technical analysis of how even HTTPS encrypted traffic can be subverted. Atwood provides a list of suggestions for keeping your router safe that probably won't be any surprise to people reading this site, and he further recommends only browsing on an unknown router if encryption is available. What I'm curious about are the long-term implications — is there a way forward to re-establish trust in our router infrastructure? What can the open source community do to speed this along?

5 of 62 comments

  1. Re:What if the malware is baked in when you buy it by Zontar The Mindless · Score: 2, Insightful

    Or you could, you know, go to an ATM, withdraw some cash, then walk into $shop and buy one there, using the cash...

    --
    There is no Planet B.
  2. Trusted Network Fallacy by Anonymous Coward · Score: 4, Insightful

    The people who designed the internet had the right idea: Dumb network, intelligent edge. Perimeter security and trusted networks are dead ends. Communication is from endpoint to endpoint. The network shouldn't even matter. You might be running IP over avian carriers if that's what you need to do to get a connection. But if you need to trust the network between the endpoints, you're doing it wrong. Even if you could trust your own router, do you trust the ten or more routers behind it? Ubiquitous encryption and authentication with IPSec is possible with DNSSEC supplying the keys.

    1. Re:Trusted Network Fallacy by Anonymous Coward · Score: 2, Insightful

      What if your ISP's DNS server is compromised to provide bad information?

      That's why you need to use DNSSEC, and by use I mean verify that you got authentic data, which DNSSEC lets you do.

  3. HTTPS is not the only encryption by Cigaes · Score: 3, Insightful

    The first thing I notice about that article is that it helps spread the misconception that HTTP is the only use of the Internet and HTTPS the only encryption scheme. I must say, I feel much safer knowing my SSH sessions are not HTTPS-encrypted, because the certification mechanism is completely broken.

  4. Re:The entire friggin' internet is compromised by rmdingler · Score: 3, Insightful

    This is unfortunately the ugly reality: the internet as we knew it is dead. What many dreamed would be an empowering tool for the masses became the ultimate instrument of power and control for the Ruling Elite.

    To be fair, it's actually a little bit of both.

    Having access to all the compiled knowledge of mankind is empowering for any and every person with internet access, as is being essentially free to contact nearly every other Worldly citizen via the web. The ability to monitor an individual's access to that information is maddeningly power grubbing for the government's surveillance state.

    Being realistic, if it was not advantageous to the ruling elite, would they let us keep it?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway