[Cerowrt-devel] EFF's contest at defcon 22: SOHOplessly broken goes looking for attacks against home routers

Dave Taht dave.taht at gmail.com
Fri Aug 1 10:22:08 EDT 2014


At one level, I'm pleased that the EFF is raising awareness of the security
issues home routers have... though I wish they'd pointed to jg's work in
this area: http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys

A problem I have with the contest structure is that it doesn't appear that
any third-party firmwares are targeted, like openwrt, gargoyle, cerowrt,
dd-wrt, etc., and I do somewhat perversely hope those are targeted also,
because those of us working on those distros ARE in a position to rapidly
update them and inform our userbases... and while we're much more security
conscious overall than the SOHO router makers, there's always the
possibility we missed something.

It's also not clear if they are targeting common CPE such as cable modems
and DSL routers. These too could use a shaking up. So could all the
whiz-bang new IPv6-based features.

At another level I'm frozen, hovering over my tree, waiting for a possible
flood of zero-days against cerowrt and openwrt and hoping for a chance to
fix them before they hurt anybody, and not getting anything done. I feel
like I have a great big target painted on my back...

Dave Täht

msg sent from a secure, undisclosed location
