 jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2 | reply to cableties
Re: Millions of home routers vulnerable...um ok.... I'll tell you...computers sure were a lot more fun before I found this forum. (Just kidding, it's a great Forum).
Still, when you check in each day and are constantly bombarded with threads about new and improved ways to get "owned", one starts to get the feeling none of us stands a chance in hell of not somehow eventually becoming "compromised".
Even I'm started to get a little paranoid these days. 
But hey, I'm still not losing any sleep over this one. 
--
I had a life once.....now I have a Computer and a Modem. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to antdude
Well, yeah...the WRT54GL is much newer...but it has been around for several years. Linksy is not the company they were when I bought my router. I bought Linksy on the basis of their reputation which was changing at the time I purchased mine (but I didn't know that). By the time my router was a little over 2 years old Linksy was a different company support wise. That is not to say that I expect them to fix an almost 7 year old router, but I did expect help, and a fix, when I called them with a problem when the router was just slightly over two years old. I was told I needed to purchase a new router and that mine was no longer supported. A vendor of a popular product called them about the same problem and they told him the same thing...any router over two years old gets NO firmware upgrade and they could care less that their BEFSR41 has a bug in it that means it can't work properly with the vendor's software. The router was over two years old..so, buy a new one and the vendor of the sofware was supposed to tell users of his software that Linksy said to buy a new router if they wanted to use his software. So, don't hold your breath because they may not fix it.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
|
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2
 ·RoadRunner Cable
| reply to jabarnut
said by jabarnut:I'll tell you...computers sure were a lot more fun before I found this forum. (Just kidding, it's a great Forum). Still, when you check in each day and are constantly bombarded with threads about new and improved ways to get "owned", one starts to get the feeling none of us stands a chance in hell of not somehow eventually becoming "compromised". Even I'm started to get a little paranoid these days. But hey, I'm still not losing any sleep over this one. Yep. Same here. I miss the old days but back then we didn't have communication like Internet, BBS', online services, etc. Things were more stable too and simple. Bleh!
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| reply to Mele20
said by Mele20:Well, yeah...the WRT54GL is much newer...but it has been around for several years. Linksy is not the company they were when I bought my router. I bought Linksy on the basis of their reputation which was changing at the time I purchased mine (but I didn't know that). By the time my router was a little over 2 years old Linksy was a different company support wise. That is not to say that I expect them to fix an almost 7 year old router, but I did expect help, and a fix, when I called them with a problem when the router was just slightly over two years old. I was told I needed to purchase a new router and that mine was no longer supported. A vendor of a popular product called them about the same problem and they told him the same thing...any router over two years old gets NO firmware upgrade and they could care less that their BEFSR41 has a bug in it that means it can't work properly with the vendor's software. The router was over two years old..so, buy a new one and the vendor of the sofware was supposed to tell users of his software that Linksy said to buy a new router if they wanted to use his software. So, don't hold your breath because they may not fix it. Yeah, lot of old companies changed like this. It sucks. I wonder how Netgear is doing these days. Their old routers and switches were good back in early 2000s. I didn't buy a their router because I like Linksys WRT54GL's popularity, Linux, and third party supports.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | FWIW, I have a "vulnerable" v1.1 WRT54GL too. And I agree with Mele that I doubt you'll see a new Firmware release, or any other kind of "fix" for that matter, since the last one was (I believe), 4.30.14, released some time back in 2009.
They've moved on to "bigger and better things"...(debatable, of course).
I also have two older version WRT54G's that are supposedly NOT vulnerable (go figure), sitting in my closet.
But I'm just too lazy to drag one of them out, rewire my desk upstairs, and reconfigure it...I'll just take my chances, I suppose.
I have a strong password, and I sleep with a loaded shotgun...that's good enough for me.
--
I had a life once.....now I have a Computer and a Modem. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| said by jabarnut:FWIW, I have a "vulnerable" v1.1 WRT54GL too. And I agree with Mele that I doubt you'll see a new Firmware release, or any other kind of "fix" for that matter, since the last one was (I believe), 4.30.14, released some time back in 2009. They've moved on to "bigger and better things"...(debatable, of course). I also have two older version WRT54G's that are supposedly NOT vulnerable (go figure), sitting in my closet. But I'm just too lazy to drag one of them out, rewire my desk upstairs, and reconfigure it...I'll just take my chances, I suppose. I have a strong password, and I sleep with a loaded shotgun...that's good enough for me. I also use a strong password too. I thought this exploit can bypass that part or am I understanding the issue incorrectly?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | said by antdude:I also use a strong password too. I thought this exploit can bypass that part or am I understanding the issue incorrectly? I think you're understanding the issue incorrectly.
If they did get access to your network, and found the password was something other than "admin", I think they'd move on to the next sucker where things are a lot easier.
But with the information I have so far, who knows...maybe I'm not understanding the issue correctly either. 
(Edit) Oops...changed understanding the issue from "correctly" to "incorrectly"
--
I had a life once.....now I have a Computer and a Modem. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| said by jabarnut:said by antdude:I also use a strong password too. I thought this exploit can bypass that part or am I understanding the issue incorrectly? I think you're understanding the issue correctly. If they did get access to your network, and found the password was something other than "admin", I think they'd move on to the next sucker where things are a lot easier. But with the information I have so far, who knows...maybe I'm not understanding the issue correctly either. Have these routers be seen attacked in real world scenarios yet? I assume we'll find out more from Def Con.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2 | That's the thing...I'm not sure.
I guess according to "security researcher Craig Heffner" (whoever he is), we won't know a whole lot more until the upcoming "Black Hat security conference", where he divulges more information.
I haven't thoroughly read everything about this thing (bits and pieces here and there), but I've still got more important things than this to worry about...at least for now.
--
I had a life once.....now I have a Computer and a Modem. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
1 edit | said by jabarnut:That's the thing...I'm not sure. I guess according to "security researcher Craig Heffner" (whoever he is), we won't know a whole lot more until the upcoming "Black Hat security conference", where he divulges more information. I haven't thoroughly read everything about this thing (bits and pieces here and there), but I've still got more important things than this to worry about...at least for now. Ditto. He might just saying craps. We need proofs! He could be social engineering us to make us panic. :P
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | By the way, I edited my 2nd post above.
From my understanding, they need to figure out your Router's password to do some real damage. (Not that it would be a good thing to be compromised somehow anyway, but the idea is to get access to your Router settings, at least as I understand it).
Then again, sometimes this old noggin' of mine understands very little. 
--
I had a life once.....now I have a Computer and a Modem. |
|
| reply to cableties
From my understanding, OpenDns, doesn't make any difference.
Then I assume one can rule out filtering programs such as HostsMan and its HostsServer as well since it can't be used with that DNSMASQ? |
|
| reply to Mele20
If I recall correctly, you are running some sort of Beta firmware in your Linksys router, so you may or may not have the same vulnerabilities as a "stock" BEFSR41 v3. At this point, Linksys probably doesn't even remember that they had this firmware, so I wouldn't expect them to look it up for you and tell you how vulnerable you are. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | said by daveinpoway:If I recall correctly, you are running some sort of Beta firmware in your Linksys router, so you may or may not have the same vulnerabilities as a "stock" BEFSR41 v3. At this point, Linksys probably doesn't even remember that they had this firmware, so I wouldn't expect them to look it up for you and tell you how vulnerable you are. Yes, I use the "latest" beta firmware (European firmware). It was never offered by Linksy in the USA (they told me American customers were too ignorant to use it...that made no sense as firmware is firmware. If you have downloaded and flashed one beta version of the firmware you can sure do another).
If it depends on cracking your password (which is how I read the exploit) then I am not vulnerable. I can't even crack the password! That is due to a Linksy bug they knew about and refused to fix and didn't even bother to really explain it to the users so we could avoid the bug. I have a random password that I can't crack and I don't think anyone could.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
