<div dir="ltr"><div><br></div><a href="https://www.eff.org/deeplinks/2014/07/your-wireless-router-broken-help-us-fix-it-def-con">https://www.eff.org/deeplinks/2014/07/your-wireless-router-broken-help-us-fix-it-def-con</a><div>
<br></div><div>At one level, I'm pleased that the EFF is raising awareness of the security issues home routers have... though I wish they'd pointed to jg's work in this area <a href="http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys">http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys</a></div>
<div><br></div><div>A problem I have with the contest structure is that it doesn't appear that any third party firmwares are targeted, like openwrt, gargoyle, cerowrt, dd-wrt, etc, and I do somewhat perversely hope those are targeted also, because those of us working on those distros ARE in a position to rapidly update them and inform our userbases... and while we're much more security conscious overall than the soho router makers, there's always the possibility we missed something.</div>
<div><br></div><div>It's also not clear if they are targeting common CPE such as cable modems and DSL routers. These too could use a shaking up. So could all the whiz-bang new ipv6 based features.</div><div><br></div>
<div>At another level I'm frozen, hovering over my tree, waiting for a possible flood of zero-days against cerowrt and openwrt and hoping for a chance to fix them before they hurt anybody, and not getting anything done. I feel like I have a great big target painted on my back...</div>
<div><br clear="all"><div><br></div>-- <br>Dave Täht<br><br>msg sent from a secure, undisclosed location</div></div>