this post was submitted on 30 May 2024
0 points (NaN% liked)

Technology

58009 readers
3065 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
0
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (arstechnica.com)
submitted 3 months ago by termain@programming.dev to c/technology@lemmy.world
5 comments fedilink hide all child comments
top 5 comments
sorted by: hot top controversial new old
[–] gravitas_deficiency@sh.itjust.works 0 points 3 months ago (1 children)

And that’s why you should run your own router. Preferably using open firmware/OS like ddwrt or pfSense/opnSense.

[–] robotica@lemmy.world 0 points 3 months ago (1 children)

I'm curious, does running open source software somehow exempt you from getting malware?

[–] gravitas_deficiency@sh.itjust.works 0 points 3 months ago (1 children)

Not necessarily, but the odds of getting popped by a heretofore undisclosed backdoor that your ISP didn’t think would be a big deal are eliminated entirely, and you can also do a lot more interesting things with your home infrastructure, if that’s your thing.

[–] robotica@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

Is the recent XZ backdoor (and something that had to do with SSH too) anything to worry about in terms of the probability of there being a backdoor even in open source router software?

Not trying to dissuade anyone here, I love open source software, I'm just wondering how much effort is reasonable to be put into securing your local network (i.e. buying your own router, also installing open source software, or writing your own router software if you don't trust existing solutions) given that not everyone is tech savvy and you get diminishing returns for every additional security measure. And when is the usual point at which you would say "okay, this is secure enough"?

My router is not from an ISP, but it does get frequent firmware updates and I don't use any cloud management features, only local configuration.

[–] gravitas_deficiency@sh.itjust.works 0 points 3 months ago

I mean, the ISP-provided boxes don’t give you a way to upgrade past that faster than you would on an open distribution. The latter had fixes out within a week, or just weren’t affected. And it’s also way easier to check the deps on open firmware/OSes.