Examining the DDOS attacks from the Internet of Things (IoT).
Patching machines is a tough enough challenge for busy IT departments; the chances of the home consumer doing it are nearly nil. We already know this because of the millions of home routers that have never been patched. On top of that, the profit margins on these products are so small that the companies that manufacture them will have almost no incentive to create patches for identified security holes.
This is going to be a disaster.

They might want to consider patching the firmware on their routers with some upgraded stuff from:
https://openwrt.org/
https://www.lede-project.org/
Here’s a thought, how about pass-wording yer router…so you don’t invite the entire internut to your network.
Currently, I’m running a LEDE Linux build 4.4.23 on my router with a great deal more granularity and control than the manufacturer’s firmware. Also you can compile stats to see which devices are on your network or, if you wish, allow only specific MAC addresses. Makes for much better networking and internut access.
Cheers
Hans Rupprecht, Commander in Chief
1st Saint Nicolaas Army
Army Group ‘True North’
That’s only feasible if your router is supported by the open source firmware project of your choice. And third-party firmware isn’t any more secure than the manufacturer’s. You flash with third-party firmware to gain more features, not to improve security. More features means a larger attack surface.
The overall problem here is that complicated networking gear has become ubiquitous faster than the average person’s ability to understand it.
Then one can choose a router which is supported…
It’s not just about getting more features.
Setting up one’s security for wifi channels is certainly a must.
Also one has the granularity to shut off ports or wifi radios not used and/or redundant.
If you want more security, one can opt for VPN through a service, with router firmware that supports it. Most of the openwrt/lede firmware can have the VPN feature enabled to support the service of your choice.
While most routers carry the basic stuff, the openwrt/lede version certainly gives one more options/performance than the garden variety firmware.
Cheers
Hans Rupprecht, Commander in Chief
1st Saint Nicolaas Army
Army Group ‘True North’
I don’t think you understand the meaning of security in the context of network device firmware. It’s not about “options/performance”. It’s about properly auditing all the code for all the services in the device to close off attack vectors. Third-party firmware is no better, and in many cases significantly worse, than manufacturer firmware in that regard.
There might be a market for a consumer router/gateway manufacturer that security certifies its firmware and provides regular easy-to-install certified updates as a subscription service, but given that such devices would end up costing $400+, the savvy consumer is just going to buy low-end Cisco gear at that point.
I understand enough to know that telnet and ftp are essentially insecure…precisely why I mentioned closing unused ports etc.
https://www.wireshark.org/
For a brief intro…way beyond most folks for advanced eavesdropping…
Wireshark Packet Sniffing Usernames, Passwords, and Web Pages
https://www.youtube.com/watch?v=r0l_54thSYU
So one has a choice about how much of an internut profile one presents to hackerdom and NSA spooks who want to gather data…
While complete anonymity/privacy is likely impossible, one can take steps to reduce one’s profile and/or opportunity for others to hack your system or home network.
Cheers
Hans Rupprecht, Commander in Chief
1st Saint Nicolaas Army
Army Group ‘True North’
Daniel is 100% here. And it’s why a wireless 4 port DLink home router costs $40 or so, but a non-wireless 24 port Cisco Catalyst or DLink 3xxx series are $600 and up.
Even though the options available are similar*, the major difference is that they constantly release patches for their professional product lines, but not so much for their consumer lines.
Open Source is a wonderful thing, but saying it is inherently more secure because it’s open is a false premise.
* ‘similar’ in this case is like saying a bike is a car because they both take you from point A to B.
If you’re only worried about L7 cracks, you’re not paranoid enough.
“Open Source is a wonderful thing, but saying it is inherently more secure because it’s open is a false premise.”
I didn’t say it was inherently more secure, I said it offered more granularity/security by way of shutting off ports/wifi radios not used/redundant.
I’m probably not interesting enough to attract hacker attention in any case… 🙂
A lot of folks don’t even do the simplest of the basics, they simply plug the router in and go surfing.
Albeit, most of the internut is there to ADVERTISE to you by one means or another…in any case.
While I didn’t spring for $600, I did pop off about $325, which is likely better than the $40 invitation to cyber crime. Though in the commercial space one can drop $1200-$2500 very easily for a ‘pro’ router. (eg Cisco 4000 series)
Cheers
Hans Rupprecht, Commander in Chief
1st Saint Nicolaas Army
Army Group ‘True North’
Yeah, that’s why all the viruses etc. are attacking Linux systems so badly, right?
A good DDOS can attack anything, no matter what security it has.
Open source software is generally more secure than cheap consumer grade stuff.
Also, “features” like port blocking, QoS, etc, do not make systems less secure.
Oh, yeah. Linux is invulnerable. I am a Linux user, but I’m not blind to problems.
I don’t want to speak for Daniel, but nothing you wrote contradicts anything he wrote, primarily, his statement, “More features means a larger attack surface.”
Go ahead, though, offer the full Monty to every layman in the world. There’s even a QoS tutorial in there…and it starts with, “I assume your firewall is setup to default ACCEPT.”
Wait, you want a Linux L7 filter? No problem. Good luck, home user.
Can any person do it? Sure. Will they? No.
Simply put, don’t put important things on the internet. The computer I use at home for work is not on. If I had an industrial plant, it wouldn’t be connected physically at all.
OpenWRT is junk.
That hasn’t been my experience, your mileage may vary…
Cheers
Hans Rupprecht, Commander in Chief
1st Saint Nicolaas Army
Army Group ‘True North’