[sf-lug] Hacking embedded devices..
rick at linuxmafia.com
Tue Dec 21 18:06:16 PST 2010
Bobbie, no offence taken, but normally I post on mailing lists
in order to (try to) benefit the public forum, and not just specific
individuals. So, I am redirecting back from private mail, into which
you just departed, to the ongoing mailing list thread.
Naturally, if you ever want a private discussion, please just say so
(and why, if it's not obvious).
Quoting Bobbie Sellers (bliss at sfo.com):
> Can you give a pointer to a reference that OpenWRT is proof against
> this SSL exploit?
Um, not exactly.
The thing is, OpenWRT is a real Linux distribution. Real Linux
distributions don't have hard-coded SSL (or SSH) keys. You have to
create them when you configure the WAP/router.
Moreover, OpenWRT doesn't default to permitting administration from
the public interface, to begin with.
The best way to verify all this is to just play with OpenWRT. I got
a pair of WRT54Gv2 boxes for free as cast-offs, but they and similar
gear are really cheap at any time.
The real challenge is to find a _good_ set of WAP/router hardware that
has a desirable chipset (like Atheros), a decent amount of RAM and
firmware, and (preferable) at least one high-speed USB port. The
WRT54Gv2 has none of those things -- but is damned good for free
hardware. Best information source about good current makes/models is...
OpenWRT's discussion forums.
More information about the sf-lug