What say you?
The worm called “The Moon”, which began spreading between Linksys home broadband kit last week, has been confirmed as a problem with the devices' HNAP1 implementation, and an exploit has been made public. The exploit was posted to Exploit-db.com by user Rew, who said this Reddit discussion meant the “cat's out of the bag”. …
The E2000 and some others can run DD-WRT, which mitigates this vulnerability. Call me Goku, cause I'm just sayin'.
"the E1000 is on the no-longer-supported list"
IIRC the E1000 would be about four years old. So Cisco no longer release critical software patches for a product less than four years old? And people complain about Microsoft...
Nothing to do with Cisco - Belkin acquired Linksys in 2013...
Ah, but it was a Cisco product when the E1000 was launched and when it went end of support. So if you're going to be pedantic check first.
For mentioning Edward Snowden?
How come el Reg haven't reported on the latest Snowden leak, even after I sent them a link to a BBC article? Hmm?
GCHQ: el Reg, you're generating a lot of negative publicity. Stop reporting on us NOW!
el Reg: OK.
"GCHQ: el Reg, you're generating a lot of negative publicity. Stop reporting on us NOW!
el Reg: OK."
Well .... the article you linked to is about Australian spies tapping a US company, who represent Indonesia.
What makes you think GCHQ care whether the Register publish a story about that?
Especially if the BBC already have?
Because of the fact that el Reg have NOT reported on it! Hello?
@Sanctimonious Prick I think the downvotes are there because the comment is not relevant to the story. Furthermore I doubt that downvoters could tell that it had anything to do with the Snowden/Australia/Indonesia/US story - looking back at it now I don't think there's even a clue that it had.
The downvotes were for being pretentious and cryptic. If you have something meaningful and relevant to this article to say, just say it. Don't make us guess what the connection between Snowden and The Moon is.
I have seen GET /HNAP1/ HTTP/1.1 requests dropped at my (personal) edge servers. It ramped up in December last year.
So it has been known for quite a while?
There's plenty of those around already. Is this going to make much difference? It's not like Linksys/Belkin is known for fine router software and somebody would buy one of these particular models based on some assumption of quality. More like these are marketed to the crowd who already has some virus running on their computer.
Most end users aren't aware that their home router could be vulnerable. This isn't the fault of the end user, it's the fault of the industry that sold it to them.
Furthermore I suspect most owners of some of the kit on the list would be frankly gobsmacked that their kit was no longer supported. As somebody pointed out in a comment on another story here only last week you'd be shocked to find that a ten year old car was no longer supported by the manufacturer. Or given that the router is a domestic appliance you'd be gobsmacked to find your three year old washing machine was no longer supported by the manufacturer and this is the real big issue with this story.
It's not so much that these relatively new products are vulnerable, it's that they are vulnerable and the manufacturer has no intention of fixing them. If they were some poxy cheap brand you'd never heard of you wouldn't be surprised, but Linksys are big ticket items as far as HOME routers go.
The Internet of Things, increasingly complex software/firmware, and seemingly no improvement in the average users' nous leads me to think we're heading into a golden age of worms and malware. Time to get in to the security biz, everyone and everything's going to need these services.
Golden brew for a golden age.
Since every home owner doesn't have the financial wherewithal or IT nous to buy and maintain an IPS device I think it's about time that ISPs are forced by law to run hefty IPS devices at their exchanges.
The Moon makes an HNAP1 request just to check the model and firmware version of the device. If it matches one in its hardcoded list, it sends shell commands to the exploitable script tmUnblock.cgi, to wget itself and execute on the device.
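
Added example, not part of the thread or of any vendor tooling: a log scan for the two-step pattern described in the comments above (a `GET /HNAP1/` probe, then a request to `tmUnblock.cgi` from the same source). The combined access-log format, the 5-minute pairing window, the verdict labels and the sample lines are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Common/combined access-log line: ip - - [time] "METHOD path HTTP/x" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Feb/2014:03:12:01 +0000] "GET /HNAP1/ HTTP/1.1" 404 162
192.0.2.10 - - [14/Feb/2014:03:12:04 +0000] "POST /tmUnblock.cgi HTTP/1.1" 404 162
198.51.100.7 - - [14/Feb/2014:04:40:19 +0000] "GET /HNAP1/ HTTP/1.1" 404 162
203.0.113.5 - - [14/Feb/2014:05:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [14/Feb/2014:06:00:00 +0000] "GET /tmUnblock.cgi HTTP/1.1" 404 162
not a log line
""".splitlines()


def classify_sources(lines, window=timedelta(minutes=5)):
    """Return {ip: verdict} for sources that touched /HNAP1/ or tmUnblock.cgi."""
    last_probe = {}  # ip -> time of the most recent /HNAP1/ request
    verdict = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ip = m["ip"]
        when = datetime.strptime(m["ts"], TS_FMT)
        # Normalise: drop query string, ignore case and trailing slash.
        path = m["path"].split("?", 1)[0].lower().rstrip("/")
        if path == "/hnap1":
            last_probe[ip] = when
            verdict.setdefault(ip, "hnap1-probe")
        elif path.endswith("/tmunblock.cgi"):
            if ip in last_probe and when - last_probe[ip] <= window:
                verdict[ip] = "probe-then-tmUnblock"  # both steps seen in window
            elif verdict.get(ip) != "probe-then-tmUnblock":
                verdict[ip] = "tmUnblock-only"  # never downgrade a paired hit
    return verdict


if __name__ == "__main__":
    for ip, v in sorted(classify_sources(SAMPLE_LOG).items()):
        print(ip, v)
```

Sources flagged `probe-then-tmUnblock` are the ones to prioritise for blocking or upstream reporting; `hnap1-probe` alone matches the dropped-request traffic one commenter reported seeing at their edge.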