Linksys wireless validating identity problem
Wiki Leaks released information regarding Cherry Blossom, which was allegedly developed by the CIA in conjunction with the Stanford Research Institute.Wiki Leaks claimed the project "focused on compromising wireless networking devices, such as wireless routers and access points" in order to exploit and monitor the internet activity of targets.If the router isn't validating digital signatures on the firmware, it's trivial to load custom malicious firmware," Williams told Search Security. You need enterprise-grade before most of them do it." However, Bobby Kuzma, security researcher for Core Security, noted that there may be router security issues with enterprise-grade devices not enforcing firmware signing.
The better way to do things is to take a page out of the government’s book and surreptitiously and warrantlessly monitor all Internet traffic that goes out of your house.
For the most part, I’m of the opinion that a little bit of minor mischief is harmless, and perhaps even character building, as long as they come out relatively unscathed.
But if you’re interested in sheltering your child, there’s an equally lavish smorgasbord of parental control and net nannying tools at your disposal.
When it comes to ensuring safety and responsibility on the Internet, proper education and a policy of mutual trust and respect are the best policies. The web is a vast playground of debauchery and anthropological horrors, and it’s a teenager’s prerogative to peer occasionally over the Gates of Mordor into the land of shadows.
From porn and bomb-building guides to Facebook and Twitter, the Internet is a vast cornucopia of potentially hazardous material."The wireless device itself is compromised by implanting a customized Cherry Blossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection." Experts noted that the major issue exploited by the Cherry Blossom project is that many routers do not validate the digital signature of a firmware update.