Yesterday, after reading a post in which I cautioned about a popular security podcast, someone asked me what podcasts I do listen to. I wrote this up a long time ago and never posted it for some reason, so now I’m correcting the oversight.
These are the security podcasts I’ve been listening to for several years now and continue to recommend. Security podcasts are a good way to keep in touch with current issues, and also a good way to get continuing education.
Continue reading Security podcasts I listen to
I set up a DD-WRT router on Charter’s Spectrum broadband, and had a hard time getting it to work. It wouldn’t pull an IP address on the WAN side, or it would pull a 192.168 address rather than a Charter public address.
Here’s what I had to do to fix it.
Continue reading When DD-WRT doesn’t work with Charter
If you have a router and want to run DD-WRT on it, but can’t find the router in the router database, you may have learned the hard way that the router database is a couple of years out of date.
But not all hope is lost. Here’s how to find a build, if one exists.
Continue reading What to do when your router isn’t in the DD-WRT router database
I have a D-Link GDS-2205 switch that I picked up cheaply. It turned out it was cheap because it didn’t work. But I thought I’d try to open it and look for bulging capacitors, since that’s a common problem with low-end network equipment.
Opening these boxes is tricky, but not impossible.
Continue reading How to open a D-Link GDS-2205 5-port gigabit switch
What can you do about it? Continue reading Another day, another router backdoor
The right thing to do is patch. But most exploits will assume that your router lives in the 192.168.0.x or 192.168.1.x space, whatever the factory default is. So you can get a degree of protection even against future vulnerabilities by moving your IP space somewhere else. Continue reading A quick security improvement: Change your IP range
Last year I bought my mother in law a D-Link router, an oddball DIR-615 revision E1 that was only sold at a few stores. It was supposed to be a Fry’s exclusive, but I bought hers at Micro Center. It worked for a while, then gave her trouble, so this year I was working with it again, and when I was setting it up, I noticed it had some security vulnerabilities–remote code execution, UPnP vulnerabilities, and who knows what else. So that got me some practice upgrading a D-Link DIR-615 to DD-WRT.
DD-WRT’s track record and attitude towards security research could be better, but I’d rather trust my mother in law to DD-WRT’s B+ security than D-Link’s F.
Continue reading Upgrading a D-Link DIR-615 to DD-WRT
Leave it to a security vulnerability to interrupt a perfectly good discussion, but it doesn’t get much worse than this. If you have an older D-Link router, it’s possible to completely bypass the authentication on its administrative web interface.
Continue reading Read this if you have a D-Link router
I see the advice going around, again, to disable the Windows firewall and rely on an external router, the justification being that it makes your computer “invisible.” It doesn’t. Only IPV6 can do that–and then, only if you don’t use it for anything.
The trouble with that advice is that there are botnets targeting routers. Routers are nothing special; they’re small computers running Linux on an ARM or MIPS CPU, typically outdated versions with old vulnerabilities that can be exploited by someone who knows what to look for. One example of this is the Aidra botnet. Typically Aidra is used to attack outside targets, but it’s not outside the realm of possibility for an infected router to turn on and attack the machines it’s supposed to protect. And if you’ve turned off your firewall, then you have no protection against that.
Continue reading The trouble with routers
My mother in law didn’t have wifi set up, but she picked up a smart TV this year, so she asked me if I could help her with it. So I picked up a D-Link DIR-615 on sale, brought it with me and set up wi-fi securely (hints: set the SSID to whatever time it happens to be, disable WPS, disable WEP and WPA, and use WPA2 with a long password with some numbers and symbols in it) and once it seemed to be working right, I put her TV and laptop on it. Then, as other relatives trickled in, they asked me for the wireless key. Soon the air was full of Androids and Apples chattering away on wireless.
She said she never realized how often we use our smartphones and tablets. Any time a question came up, someone whipped out a device and looked up the answer.It was nice, and it was a cheap project. Grab a name-brand wireless router on sale, grab a couple of extra CAT5e cables from Monoprice just in case, and you can be a hero for about the cost of dinner for two at any restaurant with sit-down table service. Maybe less.
While you’re ordering stuff from Monoprice, it probably wouldn’t hurt to pick up a small assortment of cheap USB and HDMI cables too, just in case anyone gave an electronic gadget to someone else and didn’t realize gadgets are more likely to come with batteries than with cables these days.