I usually read Starts With A Bang [1] and GrrlScientist [2] on Forbes. The former writes well grounded articles on particle physics and cosmology while the latter presents good summaries of recent findings in biology.
The page with the most technical content is https://www.pentestpartners.com/security-blog/breaking-bad-f... with a title of "Breaking (bad) firmware encryption. Case study on the Netgear Nighthawk M1". Non-technical Forbes summary and headline is good for discovery (e.g. search/bots), technical overview links threads of research, and case study enables replication. Each page has a role.
It's usually not hard to get a root shell on these things from the user-facing web management page, in my experience. It's not surprising to learn that they're remotely-exploitable too.
I strictly use my iPhone to tether. I keep it updated with the latest updates but I still worry about it being remotely exploitable but I feel a lot more safe with it than these other devices.
If all your hotspot does, be it iPhone, Linux box or anything else, is forwarding VPN traffic between your devices and your cloud instance (your VPN exit node), why should you care about hotspot vulnerabilities?
The device running the VPN is still exposed to the attacker-controlled device. Now, on a decently-configured system this is probably fine (your workstation doesn't allow password-based SSH, right?), but it's still not great.
Seems silly to care so much about your tethered connection when the average home network has a bunch of computers, random IOT kit, a end-of-lifed smart TV, friends mobile devices and the random MAC addresses in your DHCP lease pool that you can't even account for.
Network security is unmaintaniable. Start caring about defensible boundaries instead.
To some extent, sure; seriously, you should be okay exposing your laptop to an attacker-controlled hotspot. I'm actually pretty sure my machines would be fine exposed like that. But that doesn't mean that you shouldn't minimize that exposure if possible:)
Also, I really do question the premise; it is possible to be selective with what you let on your network. You shouldn't rely on it, of course, but again, better to minimize exposure.
I buy cheap Motorola phones, put LineageOS on them, and pick the security patches as they come along. This is a better way to go about it as it's unlikely any of these standalone units will get firmware updates.
Two benefits:
1. I get many security holes patched.
2. I get a hotspot on a phone plan, which is usually cheaper and can be used as a second phone.
24 comments
[ 4.9 ms ] story [ 59.1 ms ] threadhttps://www.nytimes.com/2019/07/21/business/media/jeffrey-ep...
[1] https://www.forbes.com/sites/startswithabang/
[2] https://www.forbes.com/sites/grrlscientist/
Network security is unmaintaniable. Start caring about defensible boundaries instead.
Also, I really do question the premise; it is possible to be selective with what you let on your network. You shouldn't rely on it, of course, but again, better to minimize exposure.
"IoT": The Internet of Unpatched Linux Devices...
Go back to reddit.
Piss off.
Two benefits:
1. I get many security holes patched.
2. I get a hotspot on a phone plan, which is usually cheaper and can be used as a second phone.