From: Dave Taht
Date: Sun, 3 Sep 2023 10:04:35 -0700
To: Philip Prindeville
Cc: Openwrt Devel, cerowrt-devel
Subject: Re: [Cerowrt-devel] Mofi still shipping Barrier Breaker (14.07)

The qsdk is on openwrt 15.

On Sun, Sep 3, 2023 at 9:51 AM Philip Prindeville wrote:
>
> Hi all,
>
> As we work on the 23.05 release, I was stunned to receive a Mofi MOFI4500-4GXeLTE-V3 router with 14.07 installed on it as part of my Unlimitedville enrollment.
>
> I thought, "wow, this must have been sitting in a warehouse a while! I'd better update it." So I went to the company's support site, grabbed the latest image, flashed it, rebooted and... still running 14.07.
>
> For those of you too young to remember, Barrier Breaker was released 10/2014 and included the 3.10.14 kernel (released 6/2013).
>
> How is this not cyber security malpractice? A firewall is your first line of defense against cyber attacks. If your firewall has long known, well documented vulnerabilities and exploits, you might as well not have a firewall at all.
>
> I wrote them asking why there wasn't a more recent, more secure release of the firewall firmware and this was their response:
>
>
> > Dear Philip,
> > You dint seem to know what you are talking about and should leave software to Profesionals like us and relax
>
>
> I hope that most of the companies that use our software are more diligent, and don't incur reputational damage to our efforts by continuing to ship EOL firmware.
>
> I get that not every company has kernel developers in-house, and frankly, providing an updated kernel release for their SoC is the manufacturer's responsibility, and MediaTek has not been responsive in this respect (for the longest time they were shipping a 2.6.36 SDK!). Some of the larger vendors (TPLink, ActionTec, Linksys, DLink, Netgear, et al) or their ODM partners have the option to hold their feet to the fire and make orders contingent on updated SDKs... I doubt that Mofi does the sort of volume that gives them any leverage.
>
> But I regress.
>
> Class Action suits are becoming more prevalent with computer and networking equipment manufacturers, as the public becomes aware of the increasing cyber security threats as well as manufacturers' implied responsibility to address vulnerabilities in a timely fashion as they become aware of them.
>
> I'm calling this out because I honestly hope it's the far outlier in our ecosystem, and not the rule.
>
> Sadly,
>
> -Philip
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

-- 
Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
Dave Täht CSO, LibreQos