HN Gopher Feed (2017-06-22) - page 1 of 10 ___________________________________________________________________
Linksys CherryBlossom Advisory
67 points by jonsouth
http://www.linksys.com/us/support-article?articleNum=263800opher.com___________________________________________________________________
voltagex_ - 8 minutes ago
I wonder if a factory reset is enough in all cases - the source for
the factory reset has to be on the device itself.I haven't played
with it much, but there are ways to persist after a reset on
Android, I'd assume the same is possible here. Very happy to be
corrected.Anyone know what the cheapest Linksys I could buy is, and
whether these vulnerabilities have been released publicly?
lamlam - 3 minutes ago
If the security of your router is of concern to you I would
recommend setting up your own FreeBSD+pfSense router.Another
option is to setup a vpn server that all your devices connect to
to access the internet. In that scenario it won't matter if your
router is compromised because all traffic flowing through would
be encrypted.
rickycook - 2 minutes ago
i'm not saying it's happened here, but i'd imagine with router
firmware (because it's not too large) it'd be pretty cheap to
have a copy of the factory firmware and settings in a physically
read only storage of some kind
throwanem - 1 minutes ago
Yeah, I'd think it would take a reflash to get rid of the
compromise, since the compromise is implemented by means of
firmware replacement to begin with.Probably your cheapest bet on
the supported device list (ca. p27 of the PDF on Wikileaks) would
be a WRT54G v5. The GL models have some support as well, but last
I checked they had a relatively high used value, presumably for
their hackability - the G models are much more limited.
dang - 4 minutes ago
Url changed from http://bitsonline.com/linksys-remove-cia-tools/,
which points to this.