Submitted via IRC for TheMightyBuzzard
More than three months after being informed about remotely exploitable vulnerabilities in 25 router models, Linksys is [sic] yet to issue patches to remedy them.
Researchers at IOActive Labs wrote that they had informed Linksys of 10 flaws on 17 January, six of which could be remotely exploited by unauthenticated people.
But as of last week, all that Linksys had done was to notify users through a public post and suggest workarounds until patched firmware was ready.
Given Linksys' inactivity, the IOActive Labs researchers said they were holding off on providing the full technical details of the flaws until patched firmware was ready for download.
Shit, even we can manage a fix in six months...
(Score: 3, Informative) by kaszz on Wednesday April 26 2017, @12:44PM
In case any thread reader missed it, a BrickerBot is already on the hunt: "Rash of in-the-Wild Attacks Permanently Destroys Poorly Secured IoT Devices [soylentnews.org]" (2017-04-07). Destroying IoT attack vectors for fun and security.
BrickerBot.2 was out by the time of the original source article [radware.com] (2017-04-05). And the entry point seems to be exposing port 22 (SSH) and running an older version of the Dropbear [ucc.asn.au] SSH server. The attacks started on 2017-03-20.
As someone else stated: Is it efficient? No. Is it entirely fair on the consumer? No. Is it likely the only viable way of addressing the IoT security problem? Probably. [securitybytes.io]