Submitted via IRC for TheMightyBuzzard
More than three months after being informed about remotely exploitable vulnerabilities in 25 router models, Linksys is[sic] yet to issue patches to remedy them.
Researchers at IOActive Labs wrote that they had informed Linksys of 10 flaws on 17 January, six of which could be remotely exploited by unauthenticated people.
But as of last week, all that Linksys had done was to notify users through a public post and suggest workarounds until patched firmware was ready.
Given Linksys' inactivity, the IOActive Labs researchers said they were holding off on providing the full technical details of the flaws until patched firmware was ready for download.
Shit, even we can manage a fix in six months...
(Score: 2) by Fnord666 on Wednesday April 26 2017, @04:08PM (1 child)
Establish a law that put the manufacturer in 20 year update obligation unless full documentation or source is made available?
Your $50 router now costs $2000. Manufacturers aren't going to foot the bill for such requirements, you and I are.
(Score: 3, Interesting) by jmorris on Wednesday April 26 2017, @09:00PM
You missed the or. The proposal would quickly solve itself to a PC like router standard and hardware makers would all make commodity 'compatible' gear varying in details like WiFi standard, number of antennas, USB ports, etc. but all capable of running any of several operating systems designed to run across the range of available gear. Like PC clones and Linux/BSD/Windows, the hardware maker would be responsible for warranty coverage of the hardware only, the preinstalled OS would be more of a 'for testing purposes only' intended to merely demonstrate the hardware works and enable loading the customer's preferred OS.