Bluelight

Thread: F.B.I.?s Urgent Request: Reboot Your Router

Results 1 to 7 of 7
  1. Collapse Details
    F.B.I.?s Urgent Request: Reboot Your Router 
    #1
    Senior Moderator
    Sports & Gaming
    Sober Living
    New Member Introductions
    The Lounge
    D's's Avatar
    Join Date
    Apr 2006
    Location
    the 'ville'
    Posts
    26,353
    F.B.I.?s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware
    Your mission, should you choose to accept it: Turn your router off, then turn it back on. That?s one of the things the FBI is asking people to do to help thwart a cyberattack it says agents of a foreign government are launching against U.S. citizens.
    Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: Malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.
    The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn on and off) their devices to stop the malware.
    The scope of the attack is ?significant,? the FBI said. Once the malicious software is on a user?s equipment, it could stop the router from working, collect information from the systems that run through it and possibly block network traffic, according to the agency.

    So, just reboot your router, and you shoud be safe.

    https://www.google.com/amp/s/amp.usa.../amp/650867002
    Last edited by D's; 29-05-2018 at 23:43.
    If you have any questions, comments, or suggestions please feel free to send me a PM. here
    Reply With Quote
     

  2. Collapse Details
     
    #2
    Moderator
    Current Events & Politics

    Join Date
    Oct 2012
    Posts
    4,521
    Gotta love how poorly engineered even some of the most ubiquitous technology is.

    My favorite example is WPS. After the piece of shit that was WEP encrypted wifi, we switch to something effective, then introduce WPS and subsequently break it all again cause some dumbshit didn't realize that 2 4 digit codes isn't the same number of possibilities as 1 8 digit code.
    Reply With Quote
     

  3. Collapse Details
     
    #3
    Moderator
    Current Events and Politics
    Homeless & Anonymous
    Sober Living
    North & South America Drug Discussion
    tathra's Avatar
    Join Date
    Jan 2001
    Location
    The Abyss
    Posts
    21,981
    Quote Originally Posted by JessFR View Post
    Gotta love how poorly engineered even some of the most ubiquitous technology is.
    its designed as cheap as possible and priced as high as possible to maximize profit margins, what do you expect? yay capitalism!

    my first thought upon seeing this is "reboot your router, [because the backdoor updates we sent out require a reboot]". the enemy of my enemy is not my friend.
    Reply With Quote
     

  4. Collapse Details
     
    #4
    Moderator
    Current Events & Politics

    Join Date
    Oct 2012
    Posts
    4,521
    Quote Originally Posted by tathra View Post
    its designed as cheap as possible and priced as high as possible to maximize profit margins, what do you expect? yay capitalism!

    my first thought upon seeing this is "reboot your router, [because the backdoor updates we sent out require a reboot]". the enemy of my enemy is not my friend.
    Not that that doesn't happen in many areas of business, but in this particular area it's not the case whatsoever. Almost all cryptography that winds up getting broken ends up broken because they paid to engineer it themselves instead of using an existing free open standard. And by doing so, it being broken is also pretty much a 100% certainty.

    In this case it is absolutely 100% sheer incompetence. They make an incompetent decision in thinking building their own encryption would be better than using an open and vetted one, then pay extra money for the worse outcome, then pay or lose more money when it gets broken.
    Last edited by JessFR; 03-06-2018 at 17:34.
    Reply With Quote
     

  5. Collapse Details
     
    #5
    Bluelighter jpgrdnr's Avatar
    Join Date
    Aug 2003
    Location
    in rain country
    Posts
    2,382
    This is posted ironically I take it?
    Reply With Quote
     

  6. Collapse Details
     
    #6
    Moderator
    Current Events and Politics
    cduggles's Avatar
    Join Date
    Nov 2016
    Location
    In a chromatically corrected world
    Posts
    5,795
    Quote Originally Posted by JessFR View Post
    My favorite example is WPS. After the piece of shit that was WEP encrypted wifi, we switch to something effective, then introduce WPS and subsequently break it all again cause some dumbshit didn't realize that 2 4 digit codes isn't the same number of possibilities as 1 8 digit code.
    That is basic (okay like a little past fractions) math!
    I'm just assuming a computer engineer was on the team to do this and they should know math at that level! Crazy.
    Reply With Quote
     

  7. Collapse Details
     
    #7
    Moderator
    Current Events & Politics

    Join Date
    Oct 2012
    Posts
    4,521
    Quote Originally Posted by cduggles View Post
    That is basic (okay like a little past fractions) math!
    I'm just assuming a computer engineer was on the team to do this and they should know math at that level! Crazy.
    It's actually even worse than it sounds, the final number of the 2nd 4 digit code is a checksum of all the digits that come before it, in other words, in practice it becomes a single 4 digit code as well as a 3 digit code, which brings it down to only 11,000 combinations.

    They've somewhat mitigated the issue by adding delays and lockouts when too many attempts fail, but there's still a lot of wifi devices out there that let you try combinations as fast as you want.

    And it gets even worse still when it was discovered that on many of those devices, turning wps off in the settings doesn't ACTUALLY turn wps off. It says it can be turned off but for some reason turning it off appears to do nothing.

    It's really kinda hilarious how inept a lot of so called engineers are.
    Reply With Quote
     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •