Re: [Cerowrt-devel] friends don't let friends run factory firmware

Tue, 05 Feb 2019 13:07:03 -0800 

Well, pots and kettles - I bet there are, amongst the huge numbers of 
LEDE/OpenWRt packages, some very useful DDoS amplification concerns. So it's 
really not a strong proof of the claim that "factory firmware" is bad.

My own home border router I built myself, and yet it acquires new problems with 
new updates (as well as having some fixed).

And, one thing that scares the bejeezus out of me is the passion for stuff like 
code allowing injection of binary code into the kernel (eBPF) being thrown into 
the Linux Kernel for "performance reasons". Hacking the clever network 
developer has never been easier - just throw them some complicated and subtle 
code that runs in the kernel that "everybody thinks is the coolest new thing". 
Here's the description of eBPF from the documentation I use: "The extended BPF 
(eBPF) variant has become a universal in-kernel virtual machine, that has hooks 
all over the kernel. " Lovely. So userspace can make the kernel do completely 
untestable things.
 
There are lots of great things about creating the freedom to experiment, modify 
your own devices' firmware, etc. I think the existence of that community makes 
the world generally safer (more eyeballs, more innovation, etc.).
 
But this idea that everybody benefits by running some non-standard firmware 
they choose for themselves?  That's bizarre to me, unjustifiable by any very 
good argument.
 
UBNT here seems to be doing the right thing - developing an update and 
distributing it to all its customers.

-----Original Message-----
From: "Dave Taht" <dave.t...@gmail.com>
Sent: Monday, February 4, 2019 3:41pm
To: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>
Subject: [Cerowrt-devel] friends don't let friends run factory firmware

https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/

-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

Reply via email to