[conspire] (forw) Re: Converting a Linksys WRT54G version (something) to OpenWrt

Rick Moen rick at linuxmafia.com
Wed Aug 24 16:40:46 PDT 2011


----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 24 Aug 2011 16:40:14 -0700
From: Rick Moen <rick at linuxmafia.com>
To: Kai Sandoval <indigo.kai at gmail.com>
Subject: Re: Converting a Linksys WRT54G version (something) to OpenWrt
Organization: If you lived here, you'd be $HOME already.

I wrote:

> Once that is installed, we will be able to get in via either SSH or 
> the Web configuration interface, and set up your router, as described
> here:  http://wiki.openwrt.org/doc/howto/basic.config

Which brings me to discussion of the next matter that will logically be
on your agenda:  If I recall correctly our recent telephone discussion
(which as I said was impaired by background noise) you have multiple
computers behind the Linksys wireless router -- including at least one
MS-Windows box and one Ubuntu Linux box -- that you have reason to think
have become system-compromised, i.e., rooted.

The first consequence of that is that you need to be careful to not
re-compromise the Linksys after you take it home from CABAL.  That, in
turn, requires that you cultivate the habit of thinking about security.
For example, you might be tempted to use OpenWrt's administrative Web
('LuCI') interface after taking the router home and plugging it in.
Which begs the question:  From where?

You believe your workstations to be security-compromised.  If you
administer LuCI from one of those, even if the connection between your
workstation and OpenWrt is encrypted,....  I trust you see the problem.
It's inherent in cryptography that an SSH or SSL connection between host
A and host B is free from snooping only if _both_ A and B themselves are 
secure -- and, in this case, you believe A to have been 'rooted'.

You also need to start doing some pondering of how both MS-Windows and
Ubuntu Linux became root-compromised merely because your Linksys did.
If you don't at least come up with a credible working hypothesis and 
make sure you close that security hole, you will remain at ongoing risk,
either if your router gets compromised again _or_ if you ever have a
compromised machine behind the gateway, e.g., if your MS-Windows machine
gets compromised again by running malware with Administrator-level
privilege.

In the case of Ubuntu Linux, this suggests that you study carefully how
you set up the box, what network services it offers, and by what means
(if at all) remote users can remotely login or otherwise remotely use
services on it.  Fortunately, it _should_ be really easy to set up Ubuntu
to be a single-user local workstation with essentially no advertised
network services whatsoever, and then your main security threats
become badly designed and security-risky proprietary software exposed to
public data, such as Adobe Acrobat Reader and Adobe Flash, which you
should either not install at all or should severely limit (such as using
Adobe Flash's browser plugin only with NoScript).

We should talk further about that.



----- End forwarded message -----