[PLUG] How to confirm my router is safe
Ben Koenig
techkoenig at gmail.com
Wed Apr 25 00:07:04 UTC 2018
> https://www.opb.org/news/article/npr-sounding-the-alarm-
> about-a-new-russian-cyber-threat/
>
> It recommends following your router manufacturer's guidance on making sure
> the router is secure. It doesn't say specifically what to search for. I
> have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09.
> What foo should I use to determine what version of firmware I should be
> running to be reasonably secure?
>
Dear God. You just linked to an HTTPS website that contains insecure
content. I examined the source code for that web page, and nearly drowned
in the tsunami of Javascript that filled my screen.
Supposedly, the authenticity of opb.org was verified by a certificate,
however there are some jpg images being displayed that were retrieved via
the HTTP protocol.
Looks fishy, does anybody here know who
opb-imgserve-production.s3-website-us-west-2.amazonaws.com is? There are a
number of images on that article page that are linked from that domain over
HTTP. It's not a mistake, since they appear to be inaccessible when making
the request over https://.....
http://opb-imgserve-production.s3-website-us-west-2.amazonaws.com/c_limit,g_center,h_480,q_90,w_620/583fb000afffed62434e727397972932.jpg
I'm not exactly sure how "bad" this is, but just to be safe I'm going to
update my firmware AND stop visiting www.opb.org :-(
More information about the PLUG
mailing list