Welcome · log in · join

Security → Wall St Journal says ALL routers are unsafe

uniqs
1374

« Microsoft Warns Windows 7 Has Serious Problems • There are no secure smartphones. »
page: 1 · 2 · next

glnz join:2006-11-26 New York, NY	glnz Member 2016-Jan-18 3:50 pm Wall St Journal says ALL routers are unsafe See this article from Wall Street Journal: »on.wsj.com/1RPtj5B
	· actions · 2016-Jan-18 3:50 pm ·

MacGyver join:2001-10-14 Russell, ON kudos:2	MacGyver 2016-Jan-18 3:58 pm Uh, no, the article does not claim that all routers are unsafe.
	· actions · 2016-Jan-18 3:58 pm ·
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN kudos:4 ·Frontier Communi..	Blackbird to glnz Premium Member 2016-Jan-18 5:10 pm to glnz Uhmm... if the Allegro software wasn't freeware, then somebody had to be paying royalties for its use, and that licensing agreement ought to have specified the software version for which payment was being made. In which case, either the chip maker was using the software without notifying Allegro and paying continuing royalties or Allegro wasn't properly informing its customers of the patch (if only by discontinuing licensed usage of earlier unpatched versions).
	· actions · 2016-Jan-18 5:10 pm ·
glnz join:2006-11-26 New York, NY	glnz Member 2016-Jan-18 9:36 pm Blackbird - you miss the big picture. The router companies and the ISPs DO NOT CARE about this. All the routers are dangerous.
	· actions · 2016-Jan-18 9:36 pm ·
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN kudos:4 ·Frontier Communi..	Blackbird Premium Member 2016-Jan-18 11:07 pm said by glnz: Blackbird - you miss the big picture. The router companies and the ISPs DO NOT CARE about this. All the routers are dangerous. No, not all the routers were termed "unsafe", "dangerous", or even "problematic" (WSJ tester's term) - only 4 of 20 tested models were in that latter category, and those were for one category each. While many models had 'weaknesses' of one sort or another, the WSJ terminology used regarding them did not rise to the descriptive level you applied to the "big picture". Certainly I wish the router companies and ISPs cared more about security, but your thread title exaggerates the article's conclusions. My observation about the Allegro situation merely pointed out that the lead-in premise of the article was flawed by laying the Allegro example largely at the feet of chip makers not bothering or knowing to incorporate software patches... in this case, there had to be a more basic breakdown or negligence in the update/patch/communication process between Allegro and component makers for the reasons I stated earlier.
	· actions · 2016-Jan-18 11:07 pm ·
DarkSithPro join:2005-02-12 Tempe, AZ kudos:2	DarkSithPro to glnz Member 2016-Jan-18 11:23 pm to glnz Is DD-WRT, Tomato and Open WRT a safer option for people with routers? I'm assuming they get updated and patched more regularly than the in-house firmwares?
	· actions · 2016-Jan-18 11:23 pm ·
sivran Vive Vivaldi Premium Member join:2003-09-15 Irving, TX kudos:2	sivran to glnz Premium Member 2016-Jan-19 6:45 am to glnz One router out of 20 tested found to be vulnerable when attacked using Metasploit. This is hardly "all" routers.
	· actions · 2016-Jan-19 6:45 am ·
Trel Good Evening Premium Member join:2002-10-08 Hillsborough, NJ ·surpasshosting	Trel to DarkSithPro Premium Member 2016-Jan-19 11:27 am to DarkSithPro said by DarkSithPro: Is DD-WRT, Tomato and Open WRT a safer option for people with routers? I'm assuming they get updated and patched more regularly than the in-house firmwares? Tomato firmware was last updated in 2010....so definitely more reguarly than whatever the ISP gives you.
	· actions · 2016-Jan-19 11:27 am ·
MacGyver join:2001-10-14 Russell, ON kudos:2 ·Start.ca ·TekSavvy DSL ·voip.ms Technicolor DCM476 Linksys E4200 Sipura SPA-2102	MacGyver 2016-Jan-19 12:33 pm said by Trel: Tomato firmware was last updated in 2010 That's not right, either. Shibby released v132 of Tomato 1.28 in October 2015. And is continuing to develop new versions for newer routers with ARM processors. »tomato.groov.pl/
	· actions · 2016-Jan-19 12:33 pm ·
Trel Good Evening Premium Member join:2002-10-08 Hillsborough, NJ ·surpasshosting	Trel Premium Member 2016-Jan-19 1:41 pm said by MacGyver: said by Trel: Tomato firmware was last updated in 2010 That's not right, either. Shibby released v132 of Tomato 1.28 in October 2015. And is continuing to develop new versions for newer routers with ARM processors. »tomato.groov.pl/ Shibby's version is a fork. »www.polarcloud.com/tomato is the original and version 1.28 was released in 2010.
	· actions · 2016-Jan-19 1:41 pm ·
trparky Android... get back here MVM join:2000-05-24 Cleveland, OH kudos:4	trparky MVM 2016-Jan-19 2:19 pm Yeah but I'm sure that Shibby has been merging patches into his fork as the need arises.
	· actions · 2016-Jan-19 2:19 pm ·
Noah Vail Oh God please no. Premium Member join:2004-12-10 SouthAmerica kudos:3	Noah Vail to Trel Premium Member 2016-Jan-19 3:25 pm to Trel said by Trel: Shibby's version is a fork. »www.polarcloud.com/tomato is the original and version 1.28 was released in 2010. Tomato is a fork of HyperWRT, which ceased development in 2005.
	· actions · 2016-Jan-19 3:25 pm ·
glnz join:2006-11-26 New York, NY	glnz Member 2016-Jan-19 3:37 pm DD-WRT, Tomato and Open WRT are great for true tech people here, but not so great for the rest of us who have no idea how to implement or manage them. Also, my router is a DSL modem-router supplied by Verizon. I need something to connect to the DSL, so it seems I'm stuck with whatever Verizon gives me, and the point of the article is that WE HAVE ZERO CONFIDENCE THAT THE ROUTER MANUFACTURERS OR THE ISPs ARE PROVIDING NEEDED SECURITY UPDATES.
	· actions · 2016-Jan-19 3:37 pm ·
Trel Good Evening Premium Member join:2002-10-08 Hillsborough, NJ ·surpasshosting	Trel Premium Member 2016-Jan-21 9:53 am said by Noah Vail: said by Trel: Shibby's version is a fork. »www.polarcloud.com/tomato is the original and version 1.28 was released in 2010. Tomato is a fork of HyperWRT, which ceased development in 2005. I'm aware of the history. But by the same logic logic that a forked version is being updated, couldn't you then claim that HyperWRT is still being updated because Shibby's fork of Tomato is? said by glnz: DD-WRT, Tomato and Open WRT are great for true tech people here, but not so great for the rest of us who have no idea how to implement or manage them. Also, my router is a DSL modem-router supplied by Verizon. I need something to connect to the DSL, so it seems I'm stuck with whatever Verizon gives me, and the point of the article is that WE HAVE ZERO CONFIDENCE THAT THE ROUTER MANUFACTURERS OR THE ISPs ARE PROVIDING NEEDED SECURITY UPDATES. DD-WRT and Tomato (and its various forks) are definitely NOT just for true tech people. The UI on Tomato is more straightforward than the base WRT firmware's, and DD-WRT's is the same but just with additional options. Also with ISPs you're always able (at least in the US) to tell them you want a modem ONLY and will be providing your own router.
	· actions · 2016-Jan-21 9:53 am ·
trparky Android... get back here MVM join:2000-05-24 Cleveland, OH kudos:4 ·AT&T U-Verse	trparky MVM 2016-Jan-21 10:26 am said by Trel: tell them you want a modem ONLY and will be providing your own router Not if you use AT&T uVerse. You pretty much are forced to use their gateway.
	· actions · 2016-Jan-21 10:26 am ·
Noah Vail Oh God please no. Premium Member join:2004-12-10 SouthAmerica kudos:3	Noah Vail to Trel Premium Member 2016-Jan-21 10:26 am to Trel said by Trel: by the same logic logic , couldn't you then claim that HyperWRT is still being updated because Shibby's fork of Tomato is? I was saying that if forks don't count toward development then the most recent release of Tomato is called HyperWRT-2005. Since that doesn't make any sense, I vote that forks count toward a developed product. said by Trel: DD-WRT and Tomato (and its various forks) are definitely NOT just for true tech people. Now that's just silly. It's like saying true chefs don't stoop to using dinnerware. I've been deploying pfSense boxes for 10 years. I'm techy enough and I've also installed +100 Tomato and DD-Wrt devices. A useful tool is always a good tool.
	· actions · 2016-Jan-21 10:26 am ·
Chubbzie join:2014-02-11 Greenville, NC kudos:1 Hitron CDA3-35 (Software) OpenBSD + pf	Chubbzie Member 2016-Jan-21 10:47 am said by Noah Vail: Now that's just silly. It's like saying true chefs don't stoop to using dinnerware. I might be mistaken but I think you misinterpreted Trel 's statement.
	· actions · 2016-Jan-21 10:47 am ·
mgraves1 Premium Member join:2004-04-05 Houston, TX kudos:1	mgraves1 to glnz Premium Member 2016-Jan-21 11:20 am to glnz pfsense is awesome. DD-WRT has been very good. I'd like to add »SmallWall.org, which is the follow-up to the excellent but now defunct m0n0wall project. Friends don't let friend use cheezy routers.
	· actions · 2016-Jan-21 11:20 am ·
glnz join:2006-11-26 New York, NY	glnz Member 2016-Jan-21 1:08 pm This thread isn't about DD-WRT or Tomato or similar. This is about the WSJ article showing widespread flaws in router security in routers made by the major makers. Let's please stick to that topic.
	· actions · 2016-Jan-21 1:08 pm ·
Anav Sarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS kudos:6	Anav Premium Member 2016-Jan-21 1:58 pm I got my tin hat on. Im safe. By the way, why the Wall Street Journal is publishing this article is because they realize that without routers, people will not be able to read the news online and will have to buy papers. I say we only use amurican routers and ban the immigration of foreign routers.
	· actions · 2016-Jan-21 1:58 pm ·
Chubbzie join:2014-02-11 Greenville, NC kudos:1 Hitron CDA3-35 (Software) OpenBSD + pf	Chubbzie to glnz Member 2016-Jan-21 2:54 pm to glnz said by »graphics.wsj.com/table/R ··· BLE_0116 : Netgear said only routers "with 64MB flash or above" support HTTPS in remote administration, and that others "don't have enough memory" to support it. Perhaps the captains of the SOHO router industry should form a security standards consortium. Also the router manufacturers should be forced to have routine security audits performed on their devices by non-affiliated third parties. The audits could be just before product launch and routinely throughout the life of the product's support. Allowing default passwords to remain active should have never seen the light of day at all.
	· actions · 2016-Jan-21 2:54 pm ·
Mele20 Premium Member join:2001-06-05 Hilo, HI kudos:8	Mele20 to Anav Premium Member 2016-Jan-21 6:54 pm to Anav said by Anav: By the way, why the Wall Street Journal is publishing this article is because they realize that without routers, people will not be able to read the news online and will have to buy papers. I don't use a router and I can access newspapers just fine on the internet. Routers are not needed to access the internet. They are needed if you run virtual machines, have more than one physical computer, etc.
	· actions · 2016-Jan-21 6:54 pm ·
DarkSithPro join:2005-02-12 Tempe, AZ kudos:2 ·Cox HSI	DarkSithPro to glnz Member 2016-Jan-21 9:21 pm to glnz said by glnz: This thread isn't about DD-WRT or Tomato or similar. This is about the WSJ article showing widespread flaws in router security in routers made by the major makers. Let's please stick to that topic. But those are possible solutions to fix the problem the article brings up.
	· actions · 2016-Jan-21 9:21 pm ·
Trel Good Evening Premium Member join:2002-10-08 Hillsborough, NJ ·surpasshosting	Trel to Noah Vail Premium Member 2016-Jan-22 12:23 am to Noah Vail said by Noah Vail: I was saying that if forks don't count toward development then the most recent release of Tomato is called HyperWRT-2005. Since that doesn't make any sense, I vote that forks count toward a developed product. You got that backwards. Forks don't count and as such The last release of HyperWRT was in 2005 The last release of Tomato Firmware was in 2010 Shibby's Tomato Firmware is still active said by Noah Vail: said by Trel: DD-WRT and Tomato (and its various forks) are definitely NOT just for true tech people. Now that's just silly. It's like saying true chefs don't stoop to using dinnerware. You got that backwards. I'm saying Tomato (and it's various forks) are easily used by tech people AND non-tech people. It's UI isn't confusing at all. It offers advanced options, but the basic stuff is easily accessible and clearly laid out. said by Noah Vail: I've been deploying pfSense boxes for 10 years. I'm techy enough and I've also installed +100 Tomato and DD-Wrt devices. A useful tool is always a good tool. pfsense is what I use now, Tomato is what I used to use. I wasn't saying anything negative about Tomato or DD-WRT at all.
	· actions · 2016-Jan-22 12:23 am ·
EdmundGerber join:2010-01-04 kudos:1	EdmundGerber to glnz Member 2016-Jan-22 8:33 am to glnz said by glnz: This thread isn't about DD-WRT or Tomato or similar. This is about the WSJ article showing widespread flaws in router security in routers made by the major makers. Let's please stick to that topic. Your title says ALL routhers are unsafe. We beg to differ. Now - if your title had said all newly released routers are unsafe, then you could bitch about this being off topic. As it is - my old clunky router makes me feel safe. said by DarkSithPro: said by glnz: This thread isn't about DD-WRT or Tomato or similar. This is about the WSJ article showing widespread flaws in router security in routers made by the major makers. Let's please stick to that topic. But those are possible solutions to fix the problem the article brings up. This...
	· actions · 2016-Jan-22 8:33 am ·
sivran Vive Vivaldi Premium Member join:2003-09-15 Irving, TX kudos:2	sivran Premium Member 2016-Jan-22 5:46 pm Sure. They're all unsafe...to varying degrees of unsafe. Just as is everything else on the internet. Very few have critical, world-ending, remotely exploitable without user interaction vulnerabilities. Even in the OP's own article, only one was remotely exploitable. There's not really much of a story here.
	· actions · 2016-Jan-22 5:46 pm ·
aefstoggaflm Open Source Fan Premium Member join:2002-03-04 Bethlehem, PA kudos:11 ·PenTeleData Linksys E4200 ARRIS SB6141 4 edits	aefstoggaflm to Mele20 Premium Member 2016-Jan-23 8:46 am to Mele20 said by Mele20 : said by Anav : By the way, why the Wall Street Journal is publishing this article is because they realize that without routers, people will not be able to read the news online and will have to buy papers. I don't use a router and I can access newspapers just fine on the internet. Routers are not needed to access the internet. They are needed if you run virtual machines, have more than one physical computer, etc. That is not entirely true. Be careful, there is more than one type of router! This is also what used to be called an Interface Message Processor (IMP), now days called router that deals with: a) Fastest possible route (path) b) And alternative route(s) if the is/are problems/issues with the fastest possible route. »en.wikipedia.org/wiki/In ··· rocessor To be clear, besides NAT router - At »en.wikipedia.org/wiki/Ro ··· mputing) I mean in the area called Internet connectivity and internal use, from Edge router all the way down to Internet backbone. For Port forwarding and for Voice/Data/Fax/Video Processing Routers at that same URL, in the area called Internet connectivity and internal use, I believe that they mean NAT router. I wish they would of kept the same name, some how to avoid confusing people. For example instead of Edge router, Edge IMP. Considering there is more than one type of router: #1 OP should of said: Wall St Journal says ALL *NAT* routers are unsafe #2 As well as correction to what you meant to say quote: I don't use a *NAT* router and I can access newspapers just fine on the internet. *NAT* routers are not needed to access the internet. They are needed if you run virtual machines, have more than one physical computer, etc.
	· actions · 2016-Jan-23 8:46 am ·
Anav Sarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS kudos:6	Anav Premium Member 2016-Jan-23 8:55 am Id say sitting in front of a turbo fan engine is definitely not safe.
	· actions · 2016-Jan-23 8:55 am ·
glnz join:2006-11-26 New York, NY	glnz Member 2016-Jan-23 9:03 am I'm the OP, and I'm amazed that so many commentators here think it's important that -- literally -- the WSJ article does not actually say that all routers are equally unsafe. That's not the point. The point is that the router makers and ISPs are ignoring genuine safety issues for thousands -- millions -- of consumers. Here's a recent comment in the WSJ article itself: "Excellent article. Has Comcast been notified of this issue since they have routers/modems with their private label that are made by Motorola? I was unable to check my Comcast router/modem against your tested routers. My discussion with Comcast tech support concerning my router/modem was not helpful since they were not familiar with the article or the problem." Exactly - the ISPs don't want to be bothered with the expense of protecting their customers. Instead of tech-heads here showing off your superior knowledge of which routers are slightly better than others, where's your outrage?
	· actions · 2016-Jan-23 9:03 am ·
aefstoggaflm Open Source Fan Premium Member join:2002-03-04 Bethlehem, PA kudos:11 ·PenTeleData Linksys E4200 ARRIS SB6141	aefstoggaflm to Anav Premium Member 2016-Jan-23 9:04 am to Anav said by Anav: Id say sitting in front of a turbo fan engine is definitely not safe. -- quote: I don't use a *NAT* router and I can access newspapers just fine on the internet. *NAT* routers are not needed to access the internet. They are needed if you run virtual machines, have more than one physical computer, etc. When you said, ETC what else did you mean?
	· actions · 2016-Jan-23 9:04 am ·

Forums → Software and Operating Systems → Security	« Microsoft Warns Windows 7 Has Serious Problems • There are no secure smartphones. »
page: 1 · 2 · next