[nsp-sec] dlink router worm or dlink compromise leads to infected PCs?

Florian Weimer fweimer at bfk.de
Sat Mar 22 15:25:52 EDT 2008


* Barry Greene:

> Be mindful that these "Best Buy" purchased CPE companies run at such
> tight margins that the normal means of spinning up a proactive response
> (uses the FIRST community) will not work. These companies cannot afford
> the overhead of a FIRST/CERT team. When they do, it is not part of the
> FIRST, since it takes too much time and money (in their POV) to get
> ready for the FIRST review. So looking at a path where one of these FIRST
> Teams grabs this CPE exploit vector is going to be "pushing rope."

Well, you don't have to aim for FIRST.  If you've got engineers with
some reputation in the community, you should be able to subscribe to
vendor-sec.  This will help you with keeping the open part of your
platform relatively free from known issues.

But in essence, you're right -- these companies aren't prepared to
create updates.  D-Link probably should, and Sphairon as well.  But
the embedded OS on those devices comes from God-knows-where.  It seems
that the firmware is rarely created by employees or direct
contractors, and often without any support from the usual suspects in
the embedded marketplace. 8-(

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
