> Patches are currently available only for the ATP, USG, USG Flex, and VPN series. Patches for the NXC series are expected in April 2021, according to a Zyxel security advisory.
4 months to deliver a security patch of this significance? Would love to know what kind of situation leads to that kind of latency.
Its almost as if Chinese companies are either just arms of the state, or thoroughly infiltrated by state actors! I don't think US-based hardware manufacturers are really any better though.
To me this just illustrates the need for fully open-sourced hardware and software with domestic production facilities.
Some execs or managers demanding a backdoor, then secretly privately selling the secret password to various nation states and private security companies (for personal profit)
17 comments
[ 3.2 ms ] story [ 48.1 ms ] threadhttps://en.wikipedia.org/wiki/Zyxel
https://github.com/elvanderb/TCP-32764
There is helpful hints in that research that enabled me to view the firmware of my own router
4 months to deliver a security patch of this significance? Would love to know what kind of situation leads to that kind of latency.
To me this just illustrates the need for fully open-sourced hardware and software with domestic production facilities.
Also, this is more likely a case of incompetence, not maliciousness.
Was the Solarwinds hack an act of malice, then?
Some execs or managers demanding a backdoor, then secretly privately selling the secret password to various nation states and private security companies (for personal profit)