
According to Cisco, the VPNFilter malware is worse than initially thought

Master Disaster
18 minutes ago, Blademaster91 said:

A lot of newer routers are pretty powerful with dual or quad-core CPUs; they should have some kind of anti-malware out of the box.

Other than the Bitdefender Box and the Norton Core, I’m not aware of any router that has an anti-virus preinstalled.


13 minutes ago, Blademaster91 said:

Following a tutorial and setup process that would take like an hour? That is kind of a lot to ask the normal consumer IMO, especially when most modern routers can be set up in less than 5 minutes with an iOS/Android app; then most people set that box in the corner and never update the firmware.

Probably less than 2 if we don't count unboxing and plugging in. It's getting ridiculously easy to set up consumer products. It depends on the product though, of course.

Just the idea of asking the average Joe to read/watch a couple of tutorials and spend a couple of hours fiddling with a product that's overkill for their needs sounds absolutely ludicrous. That's when you realize how enthusiasts have lost perspective.


29 minutes ago, Blademaster91 said:

Following a tutorial and setup process that would take like an hour? That is kind of a lot to ask the normal consumer IMO, especially when most modern routers can be set up in less than 5 minutes with an iOS/Android app; then most people set that box in the corner and never update the firmware.

Is one hour not worth the increased security of your internet and your personal information? If people are that lazy, then they are really asking to get hacked. It's going to take a heck of a lot longer to get your stuff secure again, and passwords and credit cards changed, if your network is breached. Also, I don't get why people are too lazy to update their stuff. Literally, once a week before you go to bed, go into the interface, click "check for updates" and, if there are some, click "update"; it will update and won't cause any disruption since you'll be asleep while it's updating. It's 2018; people really need to come to terms with proper security practices and learn how to use technology as a defense instead of an open door for hackers.


5 hours ago, sazrocks said:

That’s correct; however, HTTPS often has security holes that can be created by other software (I’m looking at you, Superfish).

That, and there are an astounding number of things that STILL do not use HTTPS, even for AUTHENTICATION!

Sure, but for instance, most if not all banks do use HTTPS. That greatly reduces the possibility of a man-in-the-middle attack with devices already set up for a secure connection with said bank. Just to say that while it's clearly a big deal, it's not an inevitable end of the world either.


33 minutes ago, laminutederire said:

Sure, but for instance, most if not all banks do use HTTPS. That greatly reduces the possibility of a man-in-the-middle attack with devices already set up for a secure connection with said bank. Just to say that while it's clearly a big deal, it's not an inevitable end of the world either.

I don’t see how your post disagrees with mine.


15 hours ago, PocketNerd said:

Now if only I had the money for a pfSense router PC...

I just recently asked the same question in networking:

It's not that expensive IMO....

Edited by jagdtigger

11 hours ago, Shorty88jr said:

I honestly don't think it would be that hard for a normal person to operate a pfSense router. Literally buy one pre-built, boot it up, follow a couple of tutorials on YouTube for the setup process, and then plug the AP in, use the UBNT app, scan the barcode and follow the steps. Presto, the whole thing is done in maybe an hour or 2 if you really have no clue what to do.

11 hours ago, sazrocks said:

Two points here:

1. If you buy something without the slightest idea how it works, you deserve any fallout from that decision. This is part of a larger issue where consumers need to educate themselves to a certain extent about what they buy.

2. pfSense is a system designed for functionality and customizability, not plug-and-playability. Ubiquiti (and others) have much more cohesive and easy-to-set-up solutions, which I would recommend.

 

I agree, but people are lazy and just want things to work. They don't want to have to learn stuff if they can avoid it, which is sad, I know, but it's how things are these days =/

It would be nice if there was a more complete solution that was more plug-and-play like Ubiquiti's but also cheaper, but that's probably just a pipe dream :(

(I was also kidding around a bit when I made my original post :P )


11 hours ago, Weird Face said:

As an ASUS RT-AC68U owner, good to know I'm still immune (for now).

14 hours ago, Blademaster91 said:

My router isn't on the list either, but it's concerning to me since, according to the Cisco article, the list of targeted routers may not be complete. I should probably reset my router even if it isn't listed?

Just so you know, the list is only what's confirmed, not what could be vulnerable, so you're almost definitely not immune; the malware just hasn't found the exploit for your box yet.


18 hours ago, Master Disaster said:

Would this even fire an HTTPS error, though? The packet is modified en route, so assuming the authentication handshake isn't compromised, anything coming in after that point is fair game. It's not like the browser would know the packet isn't genuine, right? I'd love to hear from @colonel_mortis on this one; he's a genuine expert on these things.

Also, what are PGP certificates? That's a term I've not encountered before.

The trust model of TLS (the encryption protocol used to turn HTTP into HTTPS) is designed to place no trust in any devices between you and the server you are trying to talk to, so your router/modem/AP is not able to read or modify encrypted traffic, or redirect it to an illegitimate server, without triggering a security error (and on larger sites, including this one, the security error generated cannot be bypassed).

The way this works, at a very high level, is that when you connect to the server, the server proves that it is who it claims to be, and sets up an encrypted connection with you in such a way that nobody else who listens to the conversation can figure out the encryption key, only the parties at each end (you and the server). The rest of your connection to the server is then protected by authenticated encryption, so we have a guarantee that everything we send and receive cannot be read at all, and that if it is tampered with we will be able to detect it.

I don't know how this particular malware operates, so if it spreads to the computer we lose all guarantees, but if it only sits on the router your encrypted traffic is safe.

My understanding is that PGP is a scheme for encrypting messages between people, such as emails. Most emails don't use it (that's not to say that it's rarely used, just that unless you have it set up, you won't have used it).

I'm not an expert though, just someone who's interested in stuff like this.
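To make the "if it is tampered with we will be able to detect it" part concrete, here is an added Go example (not from this thread or from any project it mentions) that seals a record with AES-256-GCM, one of the AEAD ciphers TLS 1.3 protects application data with, and shows that a device on the path which changes a byte without holding the key gets its modified record rejected by the receiver. The key is a constructed placeholder supplied by the caller; a real connection derives it from the handshake the post describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newAEAD builds AES-256-GCM (one of TLS 1.3's AEAD ciphers); only the two endpoints hold the key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts one record as nonce||ciphertext||tag, with a fresh random nonce.
func sealRecord(aead cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openRecord checks the tag before releasing plaintext; a single altered byte means outright rejection.
func openRecord(aead cipher.AEAD, record []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(record) < n+aead.Overhead() {
		return nil, errors.New("record too short")
	}
	return aead.Open(nil, record[:n], record[n:], nil)
}

// tamperDetected plays the hostile router: it has no key, so all it can do is blindly flip a ciphertext bit.
func tamperDetected(key, plaintext []byte) (bool, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return false, err
	}
	record, err := sealRecord(aead, plaintext)
	if err != nil {
		return false, err
	}
	record[aead.NonceSize()] ^= 0x80 // first ciphertext byte, just past the nonce
	_, err = openRecord(aead, record)
	return err != nil, nil // true: the receiver refused the modified record
}
```

The same rejection happens if the router replays the record under a different key or truncates it, which is why the post can say the router cannot read or modify traffic without the endpoints noticing.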

