[Cerowrt-devel] EFF's contest at defcon 22: SOHOplessly broken goes looking for attacks against home routers

Development issues regarding the cerowrt test router project
 help / color / mirror / Atom feed

From: Dave Taht <dave.taht@gmail.com>
To: "cerowrt-devel@lists.bufferbloat.net"
	<cerowrt-devel@lists.bufferbloat.net>
Subject: [Cerowrt-devel] EFF's contest at defcon 22: SOHOplessly broken goes looking for attacks against home routers
Date: Fri, 1 Aug 2014 10:22:08 -0400	[thread overview]
Message-ID: <CAA93jw5XjWiX7=JfkiR9Djy93=YC7cDqAZf1eYNjoXhnGcGy5Q@mail.gmail.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1323 bytes --]

https://www.eff.org/deeplinks/2014/07/your-wireless-router-broken-help-us-fix-it-def-con

At one level, I'm pleased that the EFF is raising awareness of the security
issues home routers have... though I wish they'd pointed to jg's work in
this area http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys

A problem I have with the contest structure is that it doesn't appear that
any third party firmwares are targeted, like openwrt, gargoyle, cerowrt,
dd-wrt, etc, and I do somewhat perversely hope those are targeted also,
because those of us working on those distros ARE in a position to rapidly
update them and inform our userbases... and while we're much more security
conscious overall than the soho router makers, there's always the
possibility we missed something.

It's also not clear if they are targeting common CPE such as cable modems
and DSL routers. These too could use a shaking up. So could all the
whiz-bang new ipv6 based features.

At another level I'm frozen, hovering over my tree, waiting for a possible
flood of zero-days against cerowrt and openwrt and hoping for a chance to
fix them before they hurt anybody, and not getting anything done. I feel
like I have a great big target painted on my back...

-- 
Dave Täht

msg sent from a secure, undisclosed location

[-- Attachment #2: Type: text/html, Size: 1696 bytes --]

                 reply	other threads:[~2014-08-01 14:22 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAA93jw5XjWiX7=JfkiR9Djy93=YC7cDqAZf1eYNjoXhnGcGy5Q@mail.gmail.com' \
    --to=dave.taht@gmail.com \
    --cc=cerowrt-devel@lists.bufferbloat.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox