Comment 168 Re: Okay

Story

Netgear Hides Router Backdoor Instead of Fixing It

Okay (Score: 2, Interesting)

by Anonymous Coward on 2014-04-23 14:41 (#15D)

This is indeed deliberate, maybe on NSA order? As a consequence, Netgear, Cisco, Linksys and the other US network gear suppliers should be avoided as home and enterprise equipment from now on.

Re: Okay (Score: 1)

by songofthepogo@pipedot.org on 2014-04-23 15:26 (#15E)

Time to look into open-source firmware. Replacing OEM with, e.g., DD-WRT would mitigate this sort of thing, wouldn't it? I'm honestly asking.

Re: Okay (Score: 3, Informative)

by omoc@pipedot.org on 2014-04-23 17:00 (#15F)

Well, sadly most Linux distributions tend to *not activate* some exploit mitigations. I don't know about the Linux router firmwares, but last time I checked they even used some old kernel versions that didn't even have some of these mitigations. Personally, I have used OpenBSD on an old ALIX board for a long time. Too bad pfSense is based on FreeBSD instead of OpenBSD, otherwise it would be an ideal candidate.

For hardware, I would recommend either the ALIX boards http://www.pcengines.ch/ (there is a new APU model) or Mikrotik routerboards http://routerboard.com/

Re: Okay (Score: 2, Interesting)

by fnj@pipedot.org on 2014-04-25 14:46 (#15X)

Nothing at all against OpenBSD, it is great, but do you have something of substance against FreeBSD? Why specifically do you think basing pfSense on FreeBSD is a negative? I may be reading too much into your comment.

Re: Okay (Score: 2, Interesting)

by omoc@pipedot.org on 2014-04-25 18:07 (#168)

FreeBSD just started to implement mitigations that have been standard in OpenBSD for years. For example, ASLR or SSP: last time I checked was 2013, and FreeBSD still lacked these very simple mitigations that are even available in Windows by now. This is just utterly ridiculous.

They're just sloppy in terms of security and they also accept horrible patches just because there is some performance benefit. OpenBSD plays on an entirely different level and is my only choice for infrastructure as critical as routers.
