Ars Technica: 12M home and business routers vulnerable to critical hijacking hack
Yesterday Ars Technica ran an article once again detailing how millions of consumer and SMB routers are vulnerable to exploit. This exploit, dubbed Misfortune Cookie, leaves the network open to those who would penetrate your systems and steal your personal information. The vulnerability is many years old, and the fix almost a decade old. Even so, it seems that there are still devices being offered that include the vulnerable code.
Announcements like this make me glad that we rely on well-proven, open source software for our network edge. We’ve long used m0n0wall and pfsense around here. Software such as these running on a small, single board computer, are a compelling solution. Sure, it costs more than a bargain router from Frys. The piece of mind is worth the extra $100.
A recent little project that I’ve been working on has used some Buffalo routers, but in that case we use those models that run DD-WRT, the open source firmware for small consumer router hardware.
There are so many great, open source solutions available. I see no reason to risk the cheesy consumer routers.