FTC Forces Asus To Improve Router Security

An anonymous reader writes: The FTC is actively trying to make sure that companies secure the software and devices that they provide to consumers, and a settlement with Taiwan-based hardware maker ASUSTeK Computer is one step towards that goal. The complaint was raised after well-meaning hackers exploited a weakness on Asus routers and left note on victims' drives notifying them of the matter. Later, a researcher discovered an exploit campaign that abused vulnerabilities to change vulnerable routers' DNS servers. According to the settlement, the company will have to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

That's NOT a bug!

[HexaByte]

That's not a bug, it's a feature!

Re:That's NOT a bug!

[MobSwatter]

More like: "If it doesn't have a back door for us to check it, then it is not secure".

Nope

This forces procedure changes. It doesn't force improved security.

It's a good thing. But, don't get a false sense of security.

Overreach much?

[CaptSlaq]

I guess Caveat Emptor is now being taken care of by mother government...

Re:Overreach much?

[gstoddart]

We don't want caveat emptor for this shit, we want companies who are accountable for the security of the products they make.

Do you want to live in a world where security boils down to "too bad, suckers"?

This bullshit of caveat emptor is why we have such shit security on the web in the first place.

More companies need to get their knuckles rapped and have penalties when they do an incompetent job at securing such stuff.

Re:Overreach much?

OK, is Microsoft next?

Re:Overreach much?

[LichtSpektren]

OK, is Microsoft next?

I was about to post the exact same thing. I'm glad the foreign company was censured for its bad security practices, but when does our home-grown American company get the same?

Re:Overreach much?

Microsoft actively patches their software. Perhaps we should look at penalties for the glibc devs though.

Re:Overreach much?

Caveat emptor (which in this case boils down to: let the purchaser manage their own security patches) would be working fine if the consumer were allowed to install said patches from any trusted source willing to compile them.

But the router manufacturers, at FCC behest, are blocking third-party firmware on any device that gives the software access to radio settings that affect compliance. Many of these third-party firmware distributions are not only more up-to-date than the original, but actually easier to update.

It's a problem of the government's creation.

Related: http://yro.slashdot.org/story/16/02/18/1423216/tp-link-begins-lockdown-of-firmware-in-response-to-fcc

Re:Overreach much?

[wbr1]

Yeah, because the invisible hand of the market takes care of it so well.

While we are at it, lets make seatbelts and airbags manufacturer optional as well. Oh and no oversight of drug and vaccine manufacturer.
Lead paint and toxic chemicals in your kids toys? Caveat emptor mother fucker, you should have known. Go check all the factories for all the parts in their toys and make an informed decision.
Oh, the chemical waste dump in your backyard? Caveat emptor again.. you should never have invited that company into town.

There is no question that regulations can overreach. There is no question that they introduce bureaucracy and potential for corruption and graft. On the whole though we are better for many of them.

Re:Overreach much?

[Aaden42]

Caveat Emptor is limited by sanity in areas where the state of the art is well beyond what you could reasonably expect the average consumer to know or be able to appraise for themselves.

Car analogy: It's unlikely that most readers could look at a vehicle they desire to purchase and determine whether its brakes work properly or are likely to fail under normal driving conditions, whether its airbag might be badly designed and not deploy (or deploy at inappropriate times), etc. So we trust government regulators to establish certain minimal safety standards and enforce car manufacturers' compliance with them.

Many readers here might be able to evaluate a router we have in our hands for obvious security issues. Few of our parents or grand parents could do so. Likewise, none of us could evaluate such things before purchase for a device we've never powered on. Given the importance and ubiquity of consumer network routers, it seems reasonable to hold manufacturers to a higher standard than, "Oops... Sorry we left your entire home network open to the Internet and anyone driving by. Here's a patch (maybe)."

Re:Overreach much?

We don't want caveat emptor for this shit, we want companies who are accountable for the security of the products they make.

Do you want to live in a world where security boils down to "too bad, suckers"?

This bullshit of caveat emptor is why we have such shit security on the web in the first place.

More companies need to get their knuckles rapped and have penalties when they do an incompetent job at securing such stuff.

They've tossed a pebble into the ocean of security vulnerabilities with assuming no other security vendor out there makes shitty products. This kind of oversight should be applied to every applicable vendor.

And I hope and pray the IoT vendor community gets their dicks slapped hard with a mandate like this, but chances are that "class" of insecure-by-default systems will apply for some kind of bullshit security waiver to avoid actually having to implement real security.

Re:Overreach much?

[ITRambo]

One can only hope. Why should MS get awa

Re:Overreach much?

[Fire_Wraith]

Caveat Emptor is fine with things that a consumer should be reasonably expected to notice or be aware of, and/or that aren't inherently life threatening. If I buy used furniture on Ebay or Craigslist, I should know that I'm taking a risk. On the other hand, things like tainted food? Yes, I want the government regulating that. What about things like lead paint on Childrens' toys? I sure wouldn't be able to tell the difference at a glance, so yes, absolutely.

Things like computer security? I don't expect that the government is necessarily going to be the one testing everything, but I'm perfectly happy with the government instituting penalties for companies that sell a supposedly "secure" product that turns out to be complete bullsh*t full of more holes than swiss cheese, because penalties are pretty much the only thing that's going to really get companies to take things seriously, at least in the SOHO market.

Re:Overreach much?

[LichtSpektren]

Microsoft actively patches their software. Perhaps we should look at penalties for the glibc devs though.

You are tragically misinformed. glibc has been patched. On the other hand, MS has decided not to support Windows Vista in its totality up to its contractual EOL date.

Re:Overreach much?

Microsoft actively patches their software.

Well, sure.

Especially if you like calling an entire fucking operating system being electronically shoved down your throat as a "patch".

Open wider, bitches, Microsoft patched their dick to a bigger one. Oh, and one more thing; fuck your privacy.

Re:Overreach much?

[edtice1559]

This is one time when a car analogy is about perfect.

Re:Overreach much?

[penguinoid]

I guess Caveat Emptor is now being taken care of by mother government...

In historical times, a dishonest merchant would be put to death. No one likes lying liars, they had better beware of us. Else, uh, "Death of a Salesman".

Re:Overreach much?

[cyber-vandal]

US law doesn't apply to the whole world but I don't see hardware vendors behaving any better in the rest of the world.

Re:Overreach much?

[CaptSlaq]

We don't want caveat emptor for this shit, we want companies who are accountable for the security of the products they make.

Do you want to live in a world where security boils down to "too bad, suckers"?

This bullshit of caveat emptor is why we have such shit security on the web in the first place.

More companies need to get their knuckles rapped and have penalties when they do an incompetent job at securing such stuff.

OK, if "Caveat Emptor" is an unacceptable solution for routers, what about phones? Verizon is notoriously slow at getting modern updates to its customers. Operating systems? Other IOT devices like lightbulbs and their respective controllers? Other software that's not completely self-contained/network unaware?

Are we going to lease hardware from everyone just to make sure we're all secure, so that the manufacturer will patch it for us, at least until they want to sell a newer model?

If we aren't going to lease hardware from everyone, does said hardware have to go away because we can't patch it (FTC rules say "no third party firmware on routers") and are we expected to replace something that works otherwise?

Is modern life so arcane and difficult that an average person can't have a remote possibility of actually being secure?

The middle ground has been "Caveat Emptor". While it's not great, I don't know that there is a good solution that doesn't drive up the price of a commodity device/product to "investment".

Re:Overreach much?

The default stance of the hardware vendors seems to be to not do anything that blocks OpenWRT, DD-WRT, and the rest (after all, blocking them would require effort). That behavior lets me stay secure, just by following a checklist (open telnet session to factory firmware, copy+paste this command, wait 3 minutes and it has rebooted with OpenWRT. After that, updates are a button in the web interface). Are things different for hardware designed and sold in the EU/Asia/SA?

But the US government wants that to stop, because horrors I might edit a configuration file and unlock access to a channel outside the USA NII (unlicensed operation) band.

Re:Overreach much?

[myowntrueself]

We don't want caveat emptor for this shit, we want companies who are accountable for the security of the products they make.

Do you want to live in a world where security boils down to "too bad, suckers"?

Sounds like North America. Coming from the UK to North America is a bit of a shock from a consumer protection point of view. In the UK a product must be, among other things, fit for the specific purpose it was bought for. So if I go to a shop and pick up some widget and ask the shop person "Can I use this widget for this specific job (explaining the purpose)?" and he says "Yes." and I buy it and find that it doesn't work for that specific job then I get to go back and get a refund. No bullshitting me with "You can buy another thing from our shop and we'll give you credit" an actual REFUND. Thats just one example.

You have to be SO careful shopping in North America. Its totally a 'caveat emptor' kind of place.

Re:Overreach much?

[myowntrueself]

OK, is Microsoft next?

I was about to post the exact same thing. I'm glad the foreign company was censured for its bad security practices, but when does our home-grown American company get the same?

This hasn't been true of MS for some time. They are actually pretty good now.

This post is about to be modded to oblivion as a troll, but I'll say it anyway. Last year OSX and iOS each had more security vulnerabilities than any Microsoft product. They had more vulnerabilities than FLASH.

(Yes, on /. a factual statement is a troll if it casts Apple in a bad light)

Re:Overreach much?

[spire3661]

I cant speak for all states, but in mine, refunds are not required EXCEPT in cases where items are sold that are unfit for purpose. We have roughly the same protections, just different ways of going about it. Also, those guaranteed 2 year warranties in europe end up baked into the final price one way or another. You are paying for that extra year no matter what. Dont get me wrong the EU has some good consumer protections, but its not all that different than the US.

Re:Overreach much?

OK, is Microsoft next?

I was about to post the exact same thing. I'm glad the foreign company was censured for its bad security practices, but when does our home-grown American company get the same?

This hasn't been true of MS for some time. They are actually pretty good now.

This post is about to be modded to oblivion as a troll, but I'll say it anyway. Last year OSX and iOS each had more security vulnerabilities than any Microsoft product. They had more vulnerabilities than FLASH.

(Yes, on /. a factual statement is a troll if it casts Apple in a bad light)

Except the entire Windows 10 OS is a giant spy program — here's an ad that showed up in my email today.

http://www.softorbits.com/windows-10-privacy-protector/

Although I suppose MS should be applauded for providing new opportunities for writers of security software. :-/

Re: Overreach much?

Damn government overreach. This sort of thing is best left to the private sector. The free market is perfectly capable of providing safe, honest products.

Re:Overreach much?

[davecb]

You just described how the statute of fraud works, even in the US: Burroughs got sued for shipping machines so unspeakably bad they were "not suitable for the purpose sold", and lost. See http://www.nytimes.com/1981/10...

Re:Overreach much?

[davecb]

Alas, they already are. Idiots!

Re:Overreach much?

[myowntrueself]

You just described how the statute of fraud works, even in the US: Burroughs got sued for shipping machines so unspeakably bad they were "not suitable for the purpose sold", and lost. See http://www.nytimes.com/1981/10...

I think the UK version is actually stronger; it doesn't have to just be fit for the purpose that it was made for. If the customer specifies a novel use case in the shop and the shop says it can fulfil that specific use case and it can't thats a refund.

FTC should force the routers to have APPS!

Modern app appers know that ONLY apps can app apps, so they should force ASUS to use APPS on their routers instead of LUDDITE firmware!

Apps!

Re: FTC should force the routers to have APPS!

I like these. They are funny.

Whoa, easy on those headlines

Did anyone else read the headline as:

FTC Forces Anus To Improve Router Security

?

Re:Whoa, easy on those headlines

[bahrdo]

Did anyone else read the headline as:

FTC Forces Anus To Improve Router Security

?

"FTC has hand in Asus plugging hole in exploited router firmware." Better?

Re:Whoa, easy on those headlines

"FTC plugs Asus's Massive Hole"

Insert Goatse link here...

Re:Whoa, easy on those headlines

"As seen on Windows Anal Probe 10!"

sadly, Asus is one of the better ones

[Voyager529]

I've generally preferred Asus routers to its peers for quite some time. They've been great with providing firmware updates four years after release (d-link, I'm looking at you), doing simultaneous dual-band as advertised (netgear, I'm looking at you), their firmware is responsive and generally very stable (Belkin, I'm looking at you). Their mid-range units support multi-wan and make excellent print servers, and they've been very supportive of the modding community - most of their gear supports merlin, padavan, ddwrt, openwrt, and tomato, and their recovery mode is near-brickproof.
Yes, it's obnoxious that they had security issues, and yes, I replaced my N56U with a linksys ea6900 (and regretted until tomato was installed), but they're definitely better than most in my experience.
More to the topic, I wonder if this will yield some case precedent for these requirements industry wide. I can dream...

Re:sadly, Asus is one of the better ones

[CanEHdian]

The N56U is still adequate for many uses, but does not receive any security updates anymore. That's where the real problem is.

Re:sadly, Asus is one of the better ones

Sure, dirty needles are still adequate for many users...........

Re:sadly, Asus is one of the better ones

[thona]

SERIOUSLY? Amazing. Your low standards, that is. Have a look at Mikrotik - not for someone not knowing what they do, but THEY do updates for TONS of years, are cheap and provide serious enterprise grade features. From a super cheap 40 USD router to a 36 core backbone router.

Re:sadly, Asus is one of the better ones

SERIOUSLY? Amazing. Your low standards, that is. Have a look at Mikrotik - not for someone not knowing what they do, but THEY do updates for TONS of years, are cheap and provide serious enterprise grade features. From a super cheap 40 USD router to a 36 core backbone router.

"...researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers – particularly routers powered by MikroTik..."

Speaking of low standards, were you trying to provide a good alternate solution with your comments here, or were you trying to help identify yet another company that should be awaiting 20 years worth of security audits? Just curious...

Re: sadly, Asus is one of the better ones

[Voyager529]

Good call. I just checked their site, and you're right - it's been nearly a year since their last update, which is strange because they still sell them new, and before that, updates were released several times a year. I'm still going with "better than most" because my linksys required a bootloader flash to get third party firmware working, especially notable because the ea6900 has a well documented bootloader issue that the patch fixed.

I'm genuinely curious if any other router OEMs have a better track record. Someone else in the thread mentioned Microtek, but I've never heard of them - they don't seem to be stocked at Microcenter, Newegg, or ADI, so I've just never run into them.

Re:sadly, Asus is one of the better ones

SERIOUSLY? Amazing. Your low standards, that is.

Have a look at Mikrotik - not for someone not knowing what they do, but THEY do updates for TONS of years, are cheap and provide serious enterprise grade features. From a super cheap 40 USD router to a 36 core backbone router.

I'm not sure where this idea that "frequent updates means better" came from, but it's a bunch of crap. I'd rather have firmware that only needed an update on rare occasions, than one which is so crappily made that there's a new patch coming out every week. The frequency of updates is not a good metric to measure the firmware stability or security on. Rather, it should be measured on how often problems crop up and how quickly they are patched, and how many of the updates are actually adding features as opposed to playing 'whack a mole' with exploits.

Re: sadly, Asus is one of the better ones

[...]Microtek[...]

Do you mean Microtik? Might be why nobody can find what you're asking for.

Schizophrenia Government Regulations

[dav1dc]

Apple, you have TOO MUCH security!

ASUS, you have TOO LITTLE security!

Make up you're friggin' mind Uncle Sam... Security is either good for everyone, or bad.

Re:Schizophrenia Government Regulations

[Opportunist]

Apple's security keeps the government from meddling with your data.

ASUS' lack of security allows you to replace their shot firmware with one that keeps government from meddling with your data.

Makes sense now?

Re:Schizophrenia Government Regulations

[Frobnicator]

Apple, you have TOO MUCH security!

Close. That order is being challenged and is probably not lawful. See the other discussions and legal analysis for details. Think in terms of stick and carrot. Generally the government can offer a carrot, can remove carrots offered elsewhere, can tie one carrot to another, but it takes some severe problems before they bring in a stick. For defects problems, the stick is usually recalls.

If the government treated too much security as a defect or violating some law, the government could probably find a way to force Apple to stop selling or to recall existing devices.

But that is probably the most extreme consequences that the government could impose: trade sanctions or an order to stop selling or to recall devices. The order they are facing to help invent something new could be tied to other carrots and be made legal, but since it is a stick with penalties for non-compliance of not inventing something or not speaking something or violating something that has had several recent unanimous SCOTUS decisions about bulk/automated system versus individual/manual processes as precedent against it, the order probably isn't legal.

ASUS, you have TOO LITTLE security!

Again, close. This is more like a recall on a defective product. The FTC says security is not up to standard, certain features were advertised as secure but were not, and that they did not notify consumers about certain known defects.

Just as above, the biggest message they can send to ASUS is that they could be forced to stop selling or to recall existing devices since they seem defective.

Since ASUS wants to continue selling devices, they are agreeing to a settlement to help people fix the biggest problems and help make the existing products less defective. That is an alternative to a recall.

Re:Schizophrenia Government Regulations

Asus firmware is actually very good. It is the best consumer router firmware. It is OpenWRT based.

Forget any router that...

[bobbied]

Doesn't have a third party firmware option available. End of Rant..

Personally, I use a couple of Linksys offerings that have excellent OpenWRT support. I have a fleet of WRT4300's and a 1900ac that actually come with a variant of OpenWRT and are well supported. They all have Layer 2 capable switch hardware (so you can do VLAN stuff) which is nice. The WRT4300's are about $40 used on E-,Bay and the 1900AC retail at about $135 new and $120 used. Running OpenWRT gives you a lot of capability.

Mis-marketing is bad

[davidwr]

Leaving routers wide-open to attack AND MARKETING THEM AS SUCH is not.

If Asus had marketed these as "here's a router, here's how you can hack it, here's how to plug the holes, and please don't do anything stupid like put it on a public network without fixing the holes and changing the passwords first"

and sold it to hobbyists rather than regular consumers, then there wouldn't (or rather, shouldn't) be any reason to drag the FTC into the matter.

Huh? Ok, where's the catch?

[Opportunist]

The FTC, of all the entities that could possibly muscle in on this matter, wants a company to do something to increase consumer safety?

Ok, what does the story not tell? Are they going to demand that the routers be locked down to the point where the customer has no way of replacing the crappy firmware with something usable?

Double standard?

The government can force a company to harden its encryption (ASUS) but not soften it (Apple)? I'm on Apple's side in their conflict with the FBI, but I think this case with ASUS illustrates the primitive state our laws are in.

who you know

TP-Link routers ship w/ 11 yr old OpenSSL. Netgear & dlink ship with root access backdoors.

3rd party firmware

DD-WRT or Tomato if can't run either I get neither.

The FCC prevents users from securing their routers

[Britz]

All the while the FCC and the EU are working on preventing users from protecting themselves by modifying the routers firmware:

http://tech.slashdot.org/story...

Now we feel safe, alrighty.

So the US FTC wants a Chinese manufacturer to provide security for Americans on the internet. That sounds about right. Heaven knows the US government has always kept our personal data secure.
Just one question.
Where is the FCC positioned in this cluster-fuck.

I just bought an Asus router.

[BitterOak]

I just bought an Asus router (RT-N12). Does anyone know if it is exploitable? I'd heard Asus was one of the better ones. I've heard that Tomato runs on this model. Should I switch my firmware to Tomato, or is it sufficient to upgrade to the latest firmware from Asus?

Re:I just bought an Asus router.

I have a couple of them. The stock firmware, IMHO, sucks and seems to be designed to barely work because they know people are going to replace it with third-party stuff. Mind you, I haven't looked at the newer versions of the firmware, and I imagine they're somewhat improved.

Re:The FCC prevents users from securing their rout

[tlhIngan]

All the while the FCC and the EU are working on preventing users from protecting themselves by modifying the routers firmware:

Only to prevent transmitting outside of the appropriate bands.

That's all the FCC cares about, and they want protections put in place to prevent a user from using say, channel 14 in North America.

Now, until now, most manufacturers simply used location specific firmware to lock down the transmit channels, but the next generation set will probably incorporate protections stored elsewhere - either an EEPROM, or maybe even fuses blown on the radios itself that say what channels are allowed. Which means it doesn't matter what software says - the hardware (or radio firmware, which is unmoddable) locks out the request to change to an invalid channel.

Anyhow, it's really a case more of manufacturers not taking responsibility for their product - no more "sorry, your product is unsupported" come time for a manufacturer-introduced vulnerability.

DD-WRT

[cerberusss]

Just flash these routers with DD-WRT. I found an old router that I got for free some time ago from SamKnows (an European company doing broadband performance measurement). When the campaign was finished, the thing was just lying in a cupboard. Got it revived with DD-WRT and it works fine now. Great stuff!

Re:DD-WRT

[bobbied]

I use OpenWRT myself on a fleet of Linksys and Netgear offerings... I'm with you though, I only use hardware for which there is third party open source firmware available.

Re:DD-WRT

The NeTGER C7000 modem/router and R7000/R8000 routers can't have third party software such as DDWRT etc installed on them. Most routers firmware now have security certificates that prevent modification.

It would be better if the firmware could be reflashed with Linux to do the routing and modem stuff.

Summary doesn't make sense

"The complaint was raised after well-meaning hackers exploited a weakness on Asus routers and left note on victims' drives notifying them of the matter."

Do Asus routers have drives? I doubt it.

Re: Summary doesn't make sense

Presumably hacked through the router to the devices behind it. I'm not interested enough to go and check.

Re:The FCC prevents users from securing their rout

Your wrong! For Christ sake. GO READ WHAT IS HAPPENING from the people that *know what they are talking about* and work in the industry! The Save Wifi coalition which is made up of developers including those which have designed the wifi chipsets, lawyers with a technical and legal comprehension of the FCC rules, and key representatives from major router manufacturers. The group has repeatedly stated that the result of the FCC rules regardless of the claimed intent is going to result in manufacturers locking devices down. Manufacturers are already locking down devices as a direct result of these rules.

1. Here is a summary that never made it to Slashdot:

http://slashdot.org/submission/5574003/tp-link-confirms-wifi-freedom-is-dead--all-routers-to-be-locked-down%26gpsrc%3Dgplp0&btmpl=popup#identifier

2. Here is confirmation from one rep from TP-Link that they will be locking down *all* new routers as a direct result of the new rules (and they aren't the only ones, Buffalo, Netgear, Rosewill, and others have stated this or it can be seen that they are doing it):

http://ml.ninux.org/pipermail/battlemesh/2016-February/004379.html

3. You can read the older comprehensive post about the issue from a key Save Wifi participant here:

http://prpl.works/2015/09/21/yes-the-fcc-might-ban-your-operating-system/

4. You can read the newer post here:

http://wwahammy.com/seriously-the-fcc-might-still-ban-your-operating-system/

5. You can contribute funds to fight this here:

https://www.gofundme.com/save_wifi_round_2

(original round of funding was https://www.gofundme.com/savewifi)

APK Hosts File Engine 9.0++ SR-4 32/64-bit... apk

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p...

Gets data for blocking ads, trackers + known bad sites via 10 reputable security community sites.

* Accept NO substitutes!

(Better resources in power/cpu/ram + other IO than locally setup DNS servers AND certainly less problems in security than routers have been showing for years now too...)

APK

P.S.=> Does more for speed (hardcoded favorites + adblocking), security (adblocking + blocking known bad sites/servers & dns issues avoiding DNS), reliability (vs. downed or dns poisoned dns), & anonymity (avoids dns request logs) vs. ANY other SINGLE "so-called -solution'" out there, bar-none, for less using what you already natively have - unlike "AlmostALLAdsBlocked", UBlock, Ghostery etc. it's also not detectable & blockable by ClarityRay/BlockIQ + it uses FAR LESS RESOURCES yet does far more (especially vs. DNS security issues)

... apk

oi Asus

[Limitless_Potential]

fix your stuff but not too much

Re: oi Asus

I just bought the rt-n66u. I know, it's not ac. I'm on fios and can't use it at all. Still I think once flashed will work fine regardless.

Re:The FCC prevents users from securing their rout

It's simpler to lock the entire router than to lock only the radio firmware, and ensure that the unlocked part of the firmware talks only to the approved radio firmware.

Guess which route the manufacturers will take. Don't think twice.

Re:The FCC prevents users from securing their rout

[davecb]

The good part is this is a proposed rule-making, and the FCC doesn't actually want to mess up Vint Cerf and Dave Taht. IMHO it was a bug in their spec (;-))

The bad part is that several vendors think that locking down the entire router is a good and cheap idea, and that no-one like the FTC will object.

The good part is that the FTC does exist, after all, and there is now a growing community of people with locked-down routers that contain a compliance-critical bug, on that takes the router right out of compliance (the glibc dns bug, if it's as bad as we fear).

Those vendors will now need to fix every locked-down device they've shipped with the bug, for free, or look forward to both a class-action suit and petitions to the FTC to ban them from the US.

--dave (Lawyers planning a suit, please post here, especially Canadian ones) c-b

Re:The FCC prevents users from securing their rout

[davecb]

Fusable links would be excellent, but the usual hack is to lock down everything in software, which IMHO is suicidally shortsighted.

Re:The FCC prevents users from securing their rout

[davecb]

IMHO, those vendors will get FTC bans and class-actions suits. Please! Starting tomorrow, by preference (;-))

Re: APK Hosts File Engine 9.0++ SR-4 32/64-bit...

Can I install it on my router?

APK Hosts File Engine 9.0++ SR-4 32/64-bit... apk

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p...

Gets data for blocking ads, trackers + known bad sites via 10 reputable security community sites.

* Better on power/cpu/ram+ other IO resource use vs. local DNS servers & certainly less security issues vs. DNS servers + routers - Blocks all ads + known bad sites, all the time (not like "AlmostALLAdsBlocked" bribed by google to let ads through)

APK

P.S.=> Does more for speed (hardcoded favorites + adblocking), security (adblocking + blocking known bad sites/servers & dns issues avoiding DNS), reliability (vs. downed or dns poisoned dns), & anonymity (avoids dns request logs) vs. ANY other SINGLE "so-called -solution'" out there, bar-none using what you already natively have. Unlike Adblock\UBlock\Ghostery it's also not detectable & blockable by ClarityRay/BlockIQ + it uses FAR LESS RESOURCES yet does far more (especially vs. DNS security issues)

... apk

225++ proofs routers alone = lousy security

See subject & I provided for Ash-Fox prove of it here http://slashdot.org/comments.p...

(See Routers alone = shit (here's proof #1-15/15) titled posts there - & THAT IS ONLY A FRACTION OF WHAT WENT ON & STILL IS GOING ON TO THIS VERY DAY for using them for 'security' alone!)

* It appears nothing can fix it.

(NO, not even my program's data. The problem's largely in their configuration OR software in the course of my reading those articles over time I bookmarked...)

APK

P.S.=> Wish I could help, but I can't on that much - however, I DO HELP by providing my program to help others on that front of security (& speed, + reliability too)... apk