Sunday, June 16, 2013

Known ridiculous router vulnerability allowed to exist for years

The US Department of Homeland Security is urging everyone to disable the common networking Universal Plug and Play (UPnP) protocol. This is being done because Rapid7 security researchers have found that tens of millions of devices worldwide are wide open to attack because of flaws in the network protocol and its implementations.
Major UPnP problems have been showing up since 2001, and they've never stopped showing up. As Armijn Hemel, owner of UPnPhacks, wrote, "In May 2006 I presented a paper called 'Universal Plug and Play: Dead simple or simply deadly'... In the years following my presentation very little has changed. A lot of routers are still shipped with grave security bugs, including involuntary onion routing, remote root exploits, and complete remote control over firewalls. New exploits are popping up...."
from How to fix the UPnP security holes

Where is the "free market," which would supposedly expose such vulnerabilities in each other's products?  Are the "free market's" actual competitors lying in ditches alongside roads?  Wouldn't we have to be really stupid to trust the same people who allowed this truck-sized hole to exist for so many years? 

In case after case such as this, we learn that something sold to us as secure is a sick joke. A good example is Windows' supposed military-grade hard-drive security - I connected my Windows drive to my PC which runs Ubuntu, and was able to access everything on the Windows drive, without even entering a password.

This is why I've decided not to spend a dime on supposed security, and to spend it on a separate mini-PC which is NEVER connected to the internet, and which HAS NO WIFI CAPABILITY, for stuff I want to keep private, and I just assume that it's open season on anything on my internet-connected computer. (You'd need a KM switch to switch your keyboard, monitor, and mouse/touchpad between the two computers. Dump Windows if at all possible, and go with Ubuntu. Use Wine, which allows many Windows programs to be run on an "Ubuntu PC." Put the OS and data on separate flash drives, and encrypt and backup the data. For details, see my blog on Ubuntu.)

As far as I'm concerned, every operating system is spyware for the "NSA's NSA" until proven otherwise, which I doubt is possible. As a Borg-like race of Satanic beings in human bodies which has nothing but contempt for the human race (which it considers to be a herd of cattle to be herded and abused as much as possible without alerting us to their nature and agenda), and which does such things as nuke hundreds of thousands of civilians when they can convince us that it was necessary, it has a "right" to know everything about everyone. I assume that all the blather about security is just another of their BS-blizzard smokescreens. Most people cannot conceive of such devotion to deception and stealthy back-stabbing. I never cease to be surprised by them myself, but they have largely extinguished my ability to trust anyone. You might wonder why God allows such beings to exist; I suspect it's partly because without grains of sand, oysters wouldn't produce pearls.

However, Ubuntu without any firewall is evidently secure enough for my purposes on the internet, because after months of exposure to potential attacks, my hard-drive installation still works essentially as well as it did immediately after installation, although I wouldn't know if someone has been merely snooping. Google's Chromebook, which has proven to be all but impervious to hacking, is based on a variation of Linux. Try that with Windows, without the latest intrusion and malware protection, and your computer will soon run nothing but malware.