i was unpacking a firmware for a router whose official name includes "killer engine" for a thing and it turns out that one internal codename for it is "venom" and the other is "armada" please cancel gamers thx
vendor: "automatic firmware updates!" me: "finally someone puts a dent into the massive problem of insecure SOHO routers. actually hang on" *unpacks firmware* me: "oh."
so, it downloads firmware updates. over http. but don't worry, they're signed. with md5. but at least the signature is downloaded over https. with --no-check-certificate. but at least they actually verify the signa*dies* pic.twitter.com/96EbDXK3hi
Replying to @whitequark
[ -z "get_md5" ] always fails though (missing a $) so maybe the checksum really is validated?
Replying to @benhutchingsuk @whitequark
I kind of like how when md5 validation fails, the script writes 'failed' to a text file and then proceeds to apply the update anyway? There's no early exit anywhere. Unless the sysupgrade command checks the contents of that text file in /tmp?
I don't think the sysupgrade command checks it
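
Added example, not part of the thread and not the vendor's script: a fail-closed gate covering the two shell logic problems raised in the replies (the `-z` test on a literal string, and no early exit before flashing). The function names, the flash command passed as an argument, and the use of sha256sum are assumptions; a digest only checks integrity, so authenticity would still need a real signature verified against a key shipped in the firmware.

```sh
#!/bin/sh
# Added example. verify_image, apply_update and literal_test_is_true are
# hypothetical names; sha256sum is a swapped-in digest tool (assumption).

# The test quoted in the reply: "get_md5" is a literal, non-empty string,
# so -z is never true and the empty-checksum branch can never run.
literal_test_is_true() {
    [ -z "get_md5" ]
}

# Succeeds only if the expected digest is non-empty, the image is readable,
# and the computed digest matches exactly.
verify_image() {
    image=$1
    expected=$2
    # With the "$" in place, a missing or empty digest is actually caught.
    [ -n "$expected" ] || return 1
    [ -r "$image" ] || return 1
    actual=$(sha256sum "$image" | cut -d' ' -f1) || return 1
    [ "$actual" = "$expected" ]
}

# Usage: apply_update IMAGE EXPECTED_DIGEST FLASH_COMMAND [ARGS...]
# The flash command runs only after verification succeeds. Any failure
# returns early instead of recording the result in a file and carrying on.
apply_update() {
    image=$1
    expected=$2
    shift 2
    if ! verify_image "$image" "$expected"; then
        echo "verification failed, not flashing $image" >&2
        return 1
    fi
    "$@" "$image"
}
```

On a device the last argument would be the real flash command (the thread mentions sysupgrade); passing it in keeps the gate testable without flashing anything.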