I was unpacking firmware for a router whose official name includes "killer engine" for a thing, and it turns out that one internal codename for it is "venom" and the other is "armada". Please cancel gamers, thx.
Vendor: "automatic firmware updates!" Me: "finally someone puts a dent into the massive problem of insecure SOHO routers. actually hang on" *unpacks firmware* Me: "oh."
3 replies, 7 retweets, 69 likes
So, it downloads firmware updates. Over HTTP. But don't worry, they're signed. With MD5. But at least the signature is downloaded over HTTPS. With --no-check-certificate. But at least they actually verify the signa*dies* pic.twitter.com/96EbDXK3hi
11 replies, 168 retweets, 358 likes
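Why an MD5 file fetched next to the image is not a signature, as an added example (this is not the router's updater script and not code from the thread; the image bytes, the Update struct and the Ed25519 key are all constructed here). An on-path attacker who can rewrite a plain-HTTP download can also rewrite the MD5 file, because computing an MD5 needs no secret. A signature checked against a public key baked into the firmware at build time survives that, since the attacker cannot produce a valid signature for a modified image. Downloading the checksum over HTTPS with certificate checks disabled adds nothing, because the same attacker can serve any certificate they like.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Update is what a naive updater fetches: the image plus the files published
// next to it. The struct and its contents are constructed for this example.
type Update struct {
	Image []byte
	MD5   string // hex MD5 of Image, as a vendor might publish it
	Sig   []byte // Ed25519 signature over Image, or nil if absent
}

func md5Hex(b []byte) string {
	sum := md5.Sum(b)
	return hex.EncodeToString(sum[:])
}

// publishUpdate is the vendor side: it emits both an MD5 file and a real
// signature so the two checks can be compared on the same image.
func publishUpdate(priv ed25519.PrivateKey, image []byte) Update {
	return Update{
		Image: image,
		MD5:   md5Hex(image),
		Sig:   ed25519.Sign(priv, image),
	}
}

// tamper is what an on-path attacker can do to a plain-HTTP download:
// swap the image and recompute the MD5 file. The signature is left as-is
// because the attacker has no way to forge one.
func tamper(u Update, evil []byte) Update {
	return Update{Image: evil, MD5: md5Hex(evil), Sig: u.Sig}
}

// verifyMD5 is the "signed with md5" check from the thread: it detects
// accidental corruption, not a hostile replacement.
func verifyMD5(u Update) bool {
	return u.MD5 == md5Hex(u.Image)
}

// verifySignature is the check an updater actually needs: authenticity
// against a public key the device already holds. A missing or wrong-length
// signature is rejected outright rather than passed to Verify.
func verifySignature(pub ed25519.PublicKey, u Update) bool {
	if len(u.Sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, u.Image, u.Sig)
}

func main() {
	// Constructed vendor key; on a real device only pub would be present.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := publishUpdate(priv, []byte("constructed genuine firmware image"))
	evil := tamper(genuine, []byte("constructed image with a backdoor added"))

	fmt.Printf("genuine:  md5 ok=%v  signature ok=%v\n",
		verifyMD5(genuine), verifySignature(pub, genuine))
	fmt.Printf("tampered: md5 ok=%v  signature ok=%v\n",
		verifyMD5(evil), verifySignature(pub, evil))
}
```

The tampered image passes the MD5 check and fails the signature check, which is the whole difference between a checksum and a signature. The transport-side equivalent of --no-check-certificate in Go is `tls.Config{InsecureSkipVerify: true}`; the fix there is the same in spirit as the signature: verify against a CA or key the device already trusts, never against whatever the network hands it.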
Linksys, you literally added ONE FEATURE over what's essentially stock OpenWrt and you managed to fuck up EVERY SINGLE THING you could possibly fuck up. Look at this thing: https://gist.github.com/whitequark/f7ac76449d875133da0aa5a9cb97f6c6
6 replies, 36 retweets, 127 likes
Replying to @whitequark
Holy shit, they should just call this feature "automatically add my router to a botnet". I guess the only saving grace is that the router is likely to be downloading its firmware updates over a wired connection.
1 reply, 2 retweets, 4 likes
Replying to @TedMielczarek @whitequark
So you can't take over every router in a city unless you can find a misconfigured router or a Cisco IOS vuln, that's alright then.
2 replies, 0 retweets, 3 likes
Replying to @bobpoekert @whitequark
Oh yeah, I was not suggesting that it was not exploitable, just that the bar might be a little higher than "find a device on open WiFi". It's ridiculous either way.
1 reply, 0 retweets, 0 likes
There's also a script in cgi-bin that installs anything uploaded to it without any authentication, but I haven't verified that it actually works live since I don't have this router, and didn't want to assert a statement that might be wrong.