• zelifcam
    link
    English
    138
    edit-2
    7 months ago

    deleted by creator

    • @subtext
      link
      English
      377 months ago

      It’s possible the “mystery” they refer to could be related to the identity of the hacker(s), how it got onto the routers in the first place, or the purpose for the attack

      • zelifcam
        link
        English
        8
        edit-2
        7 months ago

        deleted by creator

        • @subtext
          link
          English
          187 months ago

          With no clear idea how the routers came to be infected…

          • zelifcam
            link
            English
            5
            edit-2
            7 months ago

            deleted by creator

        • @Odelay42
          link
          English
          107 months ago

          You posses extremely niche knowledge. Being catty because the headline doesn’t suit your preferences comes off as fairly rude and pretentious. Good for you for understanding that the headline is misleading, but there are more relatable ways to say that.

            • @Odelay42
              link
              English
              27 months ago

              Ah so you’re just kind of rude, cool.

        • Joe
          link
          fedilink
          English
          27 months ago

          English aint Lojban, if you know what I mean.

      • @[email protected]
        link
        fedilink
        English
        07 months ago

        “mystery malware”

        The article clarifies the name of the malware.

        Clickbait BS. Why are you being disingenuous?

        • @subtext
          link
          English
          107 months ago

          Your reply reads to me as if you’re calling me disingenuous, which I can’t for the life of me understand. I’m not the author. I offered a possible explanation.

    • StarDreamer
      link
      fedilink
      English
      127 months ago

      As someone who works with 100Gbps networking:

      • why the heck do these routers run Lua of all things???
      • Max-P
        link
        fedilink
        English
        97 months ago

        OpenWRT uses Lua for its web UI. The interpreter can be really small which works well for tiny embedded devices with mere megabytes of storage, and it’s much safer than writing a web GUI entirely in C.

        • StarDreamer
          link
          fedilink
          English
          27 months ago

          Yeah I completely forgot about the consumer side of things. I was expecting there being Cisco iOS/FRR router configs, not a full web dashboard.

      • @[email protected]
        link
        fedilink
        English
        27 months ago

        I imagine the malware binary includes a lua interpreter for executing scripts fetched from its command and control server.

  • @subtext
    link
    English
    317 months ago

    One day last October, subscribers to an ISP known as Windstream

    In case anyone only reads the headline

  • KaRunChiy
    link
    fedilink
    267 months ago

    Oh shit, I use Windstream, this explains a lot about why they were so busy replacing everyones routers down here. I had assumed it was just a defective design since they used all the same units for every network, but it was actually malware, wild

  • tjr
    link
    fedilink
    247 months ago

    the sad thing is this is just routers, think about all of the IoT devices that are compromised due to vendors not caring about patching security issues, just worrying about selling IoT.

  • @Cosmicomical
    link
    English
    137 months ago

    Keep firing tech people, the tech peiple will have to find an hobby

  • @[email protected]
    link
    fedilink
    English
    107 months ago

    And that’s why you should run your own router. Preferably using open firmware/OS like ddwrt or pfSense/opnSense.

    • robotica
      link
      English
      27 months ago

      I’m curious, does running open source software somehow exempt you from getting malware?

      • @[email protected]
        link
        fedilink
        English
        127 months ago

        Not necessarily, but the odds of getting popped by a heretofore undisclosed backdoor that your ISP didn’t think would be a big deal are eliminated entirely, and you can also do a lot more interesting things with your home infrastructure, if that’s your thing.

        • @[email protected]
          link
          fedilink
          English
          97 months ago

          You also get regular updates with open source firmware. Many of the ISP provided routers will never see an update.

        • Max-P
          link
          fedilink
          English
          57 months ago

          It also doesn’t ship with ISP backdoors or ISP remote management crap that can be a big attack vector. Just about every ISP router I’ve looked at has some hardcoded super admin password or secret unauthenticated paths to access hidden settings.

          Custom firmware ships with plain web UI and/or SSH only from the LAN side (or even specific VLAN), so right off the start there isn’t a whole lot of potentially exploitable surface. And the community actually cares.

        • robotica
          link
          English
          1
          edit-2
          7 months ago

          Is the recent XZ backdoor (and something that had to do with SSH too) anything to worry about in terms of the probability of there being a backdoor even in open source router software?

          Not trying to dissuade anyone here, I love open source software, I’m just wondering how much effort is reasonable to be put into securing your local network (i.e. buying your own router, also installing open source software, or writing your own router software if you don’t trust existing solutions) given that not everyone is tech savvy and you get diminishing returns for every additional security measure. And when is the usual point at which you would say “okay, this is secure enough”?

          My router is not from an ISP, but it does get frequent firmware updates and I don’t use any cloud management features, only local configuration.

          • @[email protected]
            link
            fedilink
            English
            07 months ago

            I mean, the ISP-provided boxes don’t give you a way to upgrade past that faster than you would on an open distribution. The latter had fixes out within a week, or just weren’t affected. And it’s also way easier to check the deps on open firmware/OSes.