quinquennial at May 12th, 2014 15:30 — #3
This just in: The US makes routers.
brainspore at May 12th, 2014 15:31 — #4
Something tells me the market for U.S.-made routers is about to dry up.
moneta_mace at May 12th, 2014 15:37 — #5
Probably not. It's not if someone is spying on you, it's who's spying on you. So pick your manufacturer based upon which nation has the least relevance to your business.
dacree at May 12th, 2014 15:51 — #6
Build your own firewalls people. Look to BSD.
rigs at May 12th, 2014 15:52 — #7
Is this still considered whistleblowing? How so?
l_mariachi at May 12th, 2014 16:25 — #8
Are you serious? How is it not? Revealing that the NSA is illegally or at least unethically sabotaging U.S. technology exports clearly counts as whistleblowing. This isn’t a list of deep-cover field agents or nude selfies of James Clapper here.
xzzy at May 12th, 2014 16:38 — #9
That won't do anything if your isp is running a compromised router.
The lesson being taught is to encrypt every single thing you put onto the network.
(Too bad SSL is compromised too! We're pretty much fucked no matter which way you approach it.)
davide405 at May 12th, 2014 18:12 — #10
Must. Gouge. Out. Mind's. Eye.
cunk at May 12th, 2014 18:25 — #11
Two questions immediately come to my mind:
1) How exactly does the NSA "interdict" these shipments? Hijacking? Bribery? Willing cooperation of someone in the supply chain?
2) How deeply embedded is this software? Can it be wiped by reinstalling firmware downloaded directly from the vendor?
spocko at May 12th, 2014 18:46 — #12
These are great questions. And they really should be addressed. By the manufacturers. Who are probably cooperation under one of those NSA security letters so they can't talk about it.
crenquis at May 12th, 2014 19:31 — #13
Perhaps during "Customs"... Sorry Comrade, this shipment of routers will be held until we receive additional documentation.
spocko at May 12th, 2014 20:08 — #14
ffabian at May 13th, 2014 02:29 — #15
Excellent! Europes tech industry is jumping for joy.
In other news:
The USA becoming the ultimate hypocrite. If it's hypocrisy gets any denser it probably forms some sort of irony singularity.
cowicide at May 13th, 2014 07:58 — #16
dacree at May 13th, 2014 10:31 — #17
I think you may misunderstand the problem. We assume internet traffic is compromised and we take steps to reasonably secure that traffic.
Even if your ISP has a compromised router, the only thing the baddies would see is your outgoing and incoming traffic. In other words, they would only see internet traffic. Egress and Ingress traffic can be secured with the use of IPSec VPN or similar technology. As long as anything sensitive is transmitted securely, a compromised ISP router isn't much of a threat.
On the other hand, if your router is compromised, the baddies can see LAN side traffic and that's a whole other can of worms.
kimmo at May 13th, 2014 11:31 — #18
Nearly there, look:
goodpasture at May 13th, 2014 14:28 — #19
No, this is considered "reporting."
The "whistleblowing" part happened a year ago.
cunk at May 13th, 2014 18:36 — #20
Yeah I think you're exactly right. Keep all this stuff under your own roof. Easier to contain that way (usually hah).
And I'm guessing this program is about low-end home & small business routers since those are least likely to get updated. Unless they've infected these devices at such a low level that their tools aren't affected by firmware updates.
bobwinter75 at May 16th, 2014 16:52 — #21
I'd say take your router and flash it with open source firmware like DD-WRT or Tomato to close up these security flaws. I have purchased a DD-WRT router from a company called FlashRouters, which was very helpful in that it helped me avoid the stressful flashing process.
doctorow at May 17th, 2014 15:14 — #22
This topic was automatically closed after 5 days. New replies are no longer allowed.