[AxisOfEasy] Your Home Router Probably Sucks

Weekly Axis Of Easy #79

This week’s quote:  “Uncertainty is an ineradicable fact of existence” …by ????

Last Week’s Quote was  “Do you know what amazes me more than anything else? The impotence of force to organize anything.” …by Napoleon Bonaparte. Winner was Joe.

THE RULES: No searching up the answer, must be posted in the comments below:

The Prize: First person to post, gets their next domain or hosting renewal on us.

In this issue:

  • Your home router probably sucks
  • SEC signs off on monetizing your genetic code
  • Euro parliament wants to outsource and automate censorship 
  • Yet another Facebook bug exposes millions of private photos
  • Yet another Google bug has G+ shut down four months early
  • Taylor Swift used facial recognition software on audience
  • Venezuela forcibly converting pension balances to petro crypto 
  • China datamining directly from brains of workers

Your home router probably sucks

Security analysts Cyber ITL reviewed the basic security hardening features of 28 home routers and found that their firmware code generally lacked basic security hygiene. They also found a bug in the Linux/MIPS architecture.

They’ve released two white papers as a result: the first details the basic lack of software security in the routers surveyed, and the second outlines the MIPS bug. The Linksys wrt32x looks to suck the least, but interestingly, other Linksys devices you might think would be close behind (wrt1900ac, ea8500, ea6900, ea6100) sucked more. A lot more in some cases. But in short, Linksys, Netgear, Asus, et al… as far as security goes, they all suck.

“Given the role these devices play in consumers’ homes, and the ease with which these issues could be resolved, we believe the absence of these features is reckless and negligent. We strongly urge vendors to review their software build practices and adopt practices which ensure these basic security features are present prior to product release.”

SEC signs off on monetizing your genetic code

Are you a 23andme customer? Were you aware that the company cut a deal in July in which they received $300 million from a pharmaceutical company to sell them genetic data? Customers who paid to have themselves analyzed got bupkis. LunaDNA wants to change all that. They want to create a share structure wherein users who upload their Fitbit data or genetic tests will receive “shares” valued at roughly seven cents each. Your entire genome clocks in at $21. The company has received clearance from the SEC to monetize your data this way.

I’m somewhat surprised those shares aren’t an ethereum ERC-20 token…

Euro parliament wants to outsource and automate censorship

The European Parliament has adopted a paper calling for the “automatic detection and systemic, fast, permanent and full removal of terrorist content online” that also contains provisions to prevent the “re-upload of previously removed content”. The report as adopted contained three amendments rejecting these key tenets, and as such currently provides for recommendations only. It is a declaration of principle.

The bulk of the proposed censorship tools would ostensibly be outsourced to companies like Facebook and Google, which have demonstrated their competence in this respect, as the following two items show…

Yet another Facebook bug exposes millions of private photos

Facebook announced Friday that another bug in their platform allowed third-party access to private photos of 6.8 million users. That is, photos uploaded to the platform that were not shared with public visibility were accessible to third-party developers.

On the topic of Facebook, they also filed a patent to calculate your future location, as well as when you’ll be offline.


Yet another Google bug has G+ shut down four months early

Looks like Google will be shutting down G+ four months earlier than originally planned. The company first announced it would shutter the failed social network when it was discovered that software bugs exposed the data of millions of users to third-party developers. Now another bug has been discovered, exposing the profile data of an estimated 52 million further users, so Google will be pulling the plug even sooner.

Read: https://www.wsj.com/articles/google-to-accelerate-closure-of-google-social-network-154446597 (paywall)

Reverse domain hijackings gone bad

Toronto IP lawyer Zak Muscovitch wrote a great op-ed about the dangers of trying to initiate a UDRP complaint against some domain without having the actual trademark claims to back it. It’s called “reverse hijacking” and it happens more often than you might think.

Taylor Swift used facial recognition software on audience

Taylor Swift (the singer, not the security expert nor the credit derivatives analyst) employed a facial recognition system ahead of her Rose Bowl performance in May. The system was monitored remotely and was embedded within a kiosk displaying rehearsal footage. Those stopping at the kiosk to view the videos had their faces scanned and matched against a database of known T-Swift stalkers. There was no disclosure or notice to those entering the kiosk that their faces would be scanned and analyzed in this manner.

This may be a good example of why the research institute AI Now identified facial recognition technology (which I mistyped as “racial”) as a key policy challenge in the years to come.


Venezuela forcibly converting pension balances to petro crypto

I once saw one of those joke “while you were out” memes that said “while you were out, to help the environment your 401K was converted into shares of Solyndra”. (Solyndra went bankrupt).

Meanwhile, in Venezuela life really does imitate inane memes. The government there is forcibly converting pension payments into units of the petro crypto-currency. The petro is a crypto-currency created by the Venezuelan government, ostensibly backed by oil reserves. The petro is not readily redeemable to actually buy stuff, and it is very complicated to convert petros back into Bolivars. Even worse, the petro seems to be crashing in value relative to the Bolivar, if you can believe that – given that the Bolivar itself blew out 1,000,000% inflation this year. Such are the wonders of socialism.

China datamining directly from brains of workers

Never mind Facebook and Google data breaches: in China, “Government-backed surveillance projects are deploying brain-reading technology to detect changes in emotional states in employees on the production line, the military and at the helm of high-speed trains”. Just wait until that technology is integrated into their Sesame Credit system, their social media platform that rates every citizen according to their obedience to the State and becomes compulsory in 2020.

This will be the last #AxisOfEasy of 2018. I wish you one and all a very merry Christmas and a happy and safe New Year. Next issue will be the week of Jan 7, 2019.

easyDNS will be open for business throughout the holidays and support hours will be posted to the blog. We’ll be closed Christmas Day and New Year’s Day, but if you have a hair-on-fire type emergency, hit us up on Twitter or even reply to this email and we’ll see what can be done.

(Enterprise customers just use that 24×7 number at the top of your members login.)

4 thoughts on “[AxisOfEasy] Your Home Router Probably Sucks”

  1. OK, this is rather pedantic but, the Cyber ITL papers do not follow some basic document rules: no date, no page numbers or number of pages. This was drummed into me when working on standards documents.

  2. Everything that exists has its own origins and importance for something/someone. By the importance that we give to something, we change our reality. It’s very important, always, to think and act in the most positive ways, depending on the situation that we are in. We need to fight against bad things that happen to us (humans), our planet and our ecosystem. Informational fighting is the best way to change, in the most diplomatic way, the worst sides of our society; for this cause the internet is very handy.
