Honest question; anyone who did wireless networking back in the early days even slightly surprised by this?
Hundreds of commercial Wi-Fi routers are, or were, easily hackable by the CIA, according to classified files published today by WikiLeaks. The confidential US government documents describe the Cherry Blossom project, which is the framework by which CIA operatives can subvert wireless routers; install software that harvests …
and in other news . . .
the BBC confirms today that *really* only North Korea has hackers
Yet another reason to buy an open-wrt/dd-wrt/gargoyle/tomato compatible router and flash the firmware.
Or if security is your thing use create_ap on a Linux box only when you need wifi. Why broadcast all the time and deploy a product that introduces loads of features you dont need?
Are you sure it's Fedora 9? It was released in 2008, would have thought they'd use RHEL or similar
Are there any people in the NSA who've had the epiphany "Wait, are we the bad guys?!?" yet?
I suspect a routine psych eval would weed those out. Can't have people thinking the ends don't justify the means.
All democracies have intelligence services that do shady shit to get a clear picture and the upper hand on their adversaries. This should not be a surprise to be anybody, nor the consequences when some of their methods are made public.
"Are there any people in the NSA who've had the epiphany "Wait, are we the bad guys?!?" yet?"
Obligatory Mitchell & Webb sketch.
Yay. More routers getting hacked and malware site injecting DNS changes incoming.
Curious use of the word "commercial"
How many people actually make their own routers?
And if you are a business WTF would you allow over the air changes?
This looks like an industry wide fail .
Re: Curious use of the word "commercial"
I imagine that it's to differentiate between those that use pfsense, DDWRT, Smoothwall, or even those who roll their own iptables or pf based *nix based solutions directly off of the bare packages from their chosen distros.
I used to maintain installations where a shoestring budget would be an upgrade, and know I'm not the only one.
Slight waste of time
I'd say that's a waste of time, given that some organisations are rigged to route all traffic via the US.
In Belgium, for instance, one of the biggest telcos routes anything that isn't destined for Belgium itself via a US backbone which saves the NSA from having to tap into data streams on foreign grounds.
You can enable Autonomous System reporting on traceroute - just run each first and last occurrence of a new AS through geo location and you'll see what I mean.