From: rjmcmahon
Date: Thu, 16 Nov 2023 13:01:03 -0800
To: Network Neutrality is back! Let´s make the technical aspects heard this time!
Cc: Make-Wifi-fast, Dave Taht, Avery Pennarun
Subject: Re: [NNagain] Attackers breach plume
Message-ID: <6b3c70afecd91c0ea7eaea4e7e653441@rjmcmahon.com>

hmm, there is a claim of breach, "Attackers claim Plume data breach" vs
a statement of fact per "Now breached." It's probably most fair to Plume
to be as accurate as possible in such communications.

Thanks for sharing the "gfiber wifi" deck.
Lots of useful information in it.

Bob

> Plume is one of the biggest sellers of "managed wifi devices". Now
> breached.
>
> https://cybernews.com/news/plume-data-breach/
>
> I have not ever used their stuff (why should I hand *any* details of
> *my* network to a third party? I trust my builds of openwrt only), but
> the last I had heard (5 years ago) was Plume had managed to get
> fq_codel running on two out of three devices they had, but not
> deployed, so I assumed they were managing little that I cared about,
> while sharing stuff I did not want them to have. On the other hand, if
> attackers were white hat in any way - or an independent researcher
> were to look over all the files... especially the wifi stats - hoo
> boy! what a great global view into wifi behaviors that no-one else has
> in the world today. I wonder what that would be worth on the black
> market... "hey buddy, you wanna know what fire tv sticks are really
> doing on networks?" [1]
>
> Cross posting this to nnagain in part because of the twisted thought
> in a title ii world:
>
> What is the ISP supposed to do about compromised devices they can see?
> In this case the plume OUI MAC address is visible to the edge router.
>
> What of transient compromise - once breached, other backdoors
> installed elsewhere?
>
> [1] (one thing few knew about chromecast and other wireless stick
> devices in 1996 is a huge percentage of them were wedged into a few
> inches from the tv to the AP, overdriving the wifi antennas, messing
> up the network for everyone) - google's published research here:
> https://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf
>
> Having never heard a plume rep call anyone and tell them to use a wire
> for their tv instead... makes me dispute the value of plume's "managed
> wifi" and not having seen a drop of public research out of them and
> their insane stock price... ummmm...
>
> Also the tv sticks, many ap routers, all tablets (well the kindle is
> lame), are more than powerful enough to be actively sniffing the air
> of not just the local network, but ones nearby.