[Cerowrt-devel] friends don't let friends run factory firmware

[Cerowrt-devel] friends don't let friends run factory firmware

[Dave Taht]

https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/

-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

Re: [Cerowrt-devel] friends don't let friends run factory firmware

[David P. Reed]

[-- Attachment #1: Type: text/plain, Size: 2092 bytes --]


Well, pots and kettles - I bet there are, amongst the huge numbers of LEDE/OpenWRt packages, some very useful DDoS amplification concerns. So it's really not a strong proof of the claim that "factory firmware" is bad.

My own home border router I built myself, and yet it acquires new problems with new updates (as well as having some fixed).

And, one thing that scares the bejeezus out of me is the passion for stuff like code allowing injection of binary code into the kernel (eBPF) being thrown into the Linux Kernel for "performance reasons". Hacking the clever network developer has never been easier - just throw them some complicated and subtle code that runs in the kernel that "everybody thinks is the coolest new thing". Here's the description of eBPF from the documentation I use: "The extended BPF (eBPF) variant has become a universal in-kernel virtual machine, that has hooks all over the kernel. " Lovely. So userspace can make the kernel do completely untestable things.
 
There are lots of great things about creating the freedom to experiment, modify your own devices' firmware, etc. I think the existence of that community makes the world generally safer (more eyeballs, more innovation, etc.).
 
But this idea that everybody benefits by running some non-standard firmware they choose for themselves?  That's bizarre to me, unjustifiable by any very good argument.
 
UBNT here seems to be doing the right thing - developing an update and distributing it to all its customers.

-----Original Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: Monday, February 4, 2019 3:41pm
To: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>
Subject: [Cerowrt-devel] friends don't let friends run factory firmware

https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/

-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

[-- Attachment #2: Type: text/html, Size: 2961 bytes --]

Re: [Cerowrt-devel] Friends don't let friends run factory firmware

[Rich Brown]

More excitement...

https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633

Re: [Cerowrt-devel] Friends don't let friends run factory firmware

[Dave Taht]

While we are at it. (wobbly wednesday)

http://www.ioactive.com/news-events/IOActive_advisory_belkinwemo_2014.html

Don't leave home with it on.

At least they left the signing keys for the certificate in the
firmware, so that bad guys can exploit it, and good guys, improve it.



On Tue, Feb 18, 2014 at 5:10 PM, Rich Brown <richb.hanover@gmail.com> wrote:
> More excitement...
>
> https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] Friends don't let friends run factory firmware

[Dave Taht]

On Tue, Feb 18, 2014 at 5:13 PM, Dave Taht <dave.taht@gmail.com> wrote:
> While we are at it. (wobbly wednesday)
>
> http://www.ioactive.com/news-events/IOActive_advisory_belkinwemo_2014.html
>
> Don't leave home with it on.
>
> At least they left the signing keys for the certificate in the
> firmware, so that bad guys can exploit it, and good guys, improve it.
>
>
>
> On Tue, Feb 18, 2014 at 5:10 PM, Rich Brown <richb.hanover@gmail.com> wrote:
>> More excitement...
>>
>> https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633

I was incidentally quite surprised to see the original limited scope
of the DNS changer worm. I didn't think we'd busted the folk involved
in the scam soon enough, nor was I happy with the ensuing publicity,
nor with how long it took for Paul to be able to turn off the the
servers supplying the (4+m) busted routers with corrected data.

The world has been ripe for the same attack or worse, across over half
the home routers in the universe, as
well as much CPE.

This is in part why I'm so adamant about getting DNSSEC support "out
there", adding sensors to cerowrt,
improving security, doing bcp38 and source sensitive routing and the like.


>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] Friends don't let friends run factory firmware

[dpreed]

Apropos of this topic construed broadly, just got the following in my email.  I'm thinking about a MicroZed network appliance anyway, so a PMOD interface is interesting because that's the MicroZed peripheral standard.  But wouldn't it be nice if one could have this kind of authentication in a router?  

http://www.maximintegrated.com/app-notes/index.mvp/id/5822

It's a nice little chip, easy to interface to almost anything.  Pretty easy to make a PCB that can be added to almost any commercial "home router".



On Tuesday, February 18, 2014 5:21pm, "Dave Taht" <dave.taht@gmail.com> said:

> On Tue, Feb 18, 2014 at 5:13 PM, Dave Taht <dave.taht@gmail.com> wrote:
>> While we are at it. (wobbly wednesday)
>>
>> http://www.ioactive.com/news-events/IOActive_advisory_belkinwemo_2014.html
>>
>> Don't leave home with it on.
>>
>> At least they left the signing keys for the certificate in the
>> firmware, so that bad guys can exploit it, and good guys, improve it.
>>
>>
>>
>> On Tue, Feb 18, 2014 at 5:10 PM, Rich Brown <richb.hanover@gmail.com> wrote:
>>> More excitement...
>>>
>>> https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633
> 
> I was incidentally quite surprised to see the original limited scope
> of the DNS changer worm. I didn't think we'd busted the folk involved
> in the scam soon enough, nor was I happy with the ensuing publicity,
> nor with how long it took for Paul to be able to turn off the the
> servers supplying the (4+m) busted routers with corrected data.
> 
> The world has been ripe for the same attack or worse, across over half
> the home routers in the universe, as
> well as much CPE.
> 
> This is in part why I'm so adamant about getting DNSSEC support "out
> there", adding sensors to cerowrt,
> improving security, doing bcp38 and source sensitive routing and the like.
> 
> 
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel@lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>> Dave Täht
>>
>> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
> 
> 
> 
> --
> Dave Täht
> 
> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
> 

Re: [Cerowrt-devel] Friends don't let friends run factory firmware...

[Rich Brown]

Saw this on Network World…

http://www.networkworld.com/news/2014/010914-default-settings-leave-external-hard-277555.html