Following on yesterday’s note about home routers getting hacked to send your surfing wherever the crooks want it to go, Brian “Peter Parker of the Internet Underground” Krebs has a great post listing a few MORE reasons not to trust that widget with a network connection.
The post in question is something I’ve been meaning to cover for a little bit. Krebs covers: – the Linksys “Moon” worm, which infected about 1000 Linksys routers, – The mid-February ASUS router security holes,
– Belkin’s WeMo “home automation” devices — pro tip here, USE YOUR FINGERS TO FLIP THE FRIGGIN’ LIGHTSWITCH IT’S NOT THAT HARD
– When your “Network Attached Storage” box of hard drives welded to a network jack starts mining Bitcoins (for someone else)
– Serious security holes in a Symantec INTRUSION PROTECTION product meant to deploy on computers
Fortunately Krebs is a reasonably cool customer and gives some good advice on how to lock down your routers. Short answer? Kill the stock swiss-cheese software and replace it with open-source firmware like DD-WRT or Tomato, which tend to be “secure by default.”
Handy links to the latter:
(too much to quote)