At one level, I'm pleased that the EFF is raising awareness of the security issues home routers have... though I wish they'd pointed to jg's work in this area http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys

A problem I have with the contest structure is that it doesn't appear that any third party firmwares are targeted, like openwrt, gargoyle, cerowrt, dd-wrt, etc, and I do somewhat perversely hope those are targeted also, because those of us working on those distros ARE in a position to rapidly update them and inform our userbases... and while we're much more security conscious overall than the soho router makers, there's always the possibility we missed something.

It's also not clear if they are targeting common CPE such as cable modems and DSL routers. These too could use a shaking up. So could all the whiz-bang new ipv6 based features.

At another level I'm frozen, hovering over my tree, waiting for a possible flood of zero-days against cerowrt and openwrt and hoping for a chance to fix them before they hurt anybody, and not getting anything done. I feel like I have a great big target painted on my back...

--
Dave Täht

msg sent from a secure, undisclosed location