Peter K wrote:
"Point there was simply that it is "up for debate", though I would point out that debate tends to be useless. Because the facts will be unknown."
Hence the second greatest mystery of modern mankind, with which the mystery of Schneier's blog shies in comparison.
In context, which the snippet poorly shows, that mystery would be 'what secretly goes on deep in the shadows of controlling corporate and governmental influence'. A significant problem with debates on the matter is that people cannot know, do not know, or cannot prove they know. With some very rare exceptions.
So debates and any other manner of discussion [including news reports, statements by pundits, and so on] generally involve very distant speculation.
A point I would stress here for readers is that the unbelievable does happen, and there are matters which go on which you would not believe even if told. This can be difficult for a lot of people to wrap their minds around. But, for many, they can perform some thought exercises to do so: for instance, for those with unusual intellects, such as a number of the posters here, you surely know there is much you can not speak to 'everyday people' about because they either would not understand, or straight up not believe you on. You are certainly not alone in that. But, just about anyone can search their experience and find some matters so statistically improbable, that they can not easily discuss it with strangers, and maybe even some matters too unbelievable to even discuss with friends.
Likewise, there are some things that go on in a decidedly controlling way in the 'corridors of power', that you simply will not hear about 'in the news'. And fact is, one of the best pieces of advice I ever got as a young person was not to believe what you read in the news.
There certainly are statistically highly improbable individuals, or individuals with extremely rare capacities, and more so, there are collections of such individuals who get together in corporate, in private, in government. And do stuff. And to some degree, there are even statistically improbable training systems to help produce more. Anyone can ascertain examples 'like this', just considering what can be seen, such as elite groups of scientists, or even more seemingly mundane, elite groupings of the super wealthy.
On router security, attack and defense:
Besides what was said. Including that there is not 100% security for routers at this time. Granted, I do not think anything is 100% secure. I do believe going the custom route is most likely to get you the best security. Make sure you have a strong password, no additional accounts, and as few services running on it as possible.
I have dabbled with wrt and been tossing about considerations for writing security software "for it". I have not yet looked into what solutions may be available for it, recently. The last time I looked, it was dismal for all routers, hence partly for my idea. I do not mind throwing out some design models, but some include: a system which alerts the network at any access immediately (one way of doing this besides a direct client/server tcp type connection is by slightly disguised ordinary network traffic); a system which pipes out to another system (could even be tcp connection to home/work system client/server) all traffic for second degree inspections. That inspection could be for analysis against network traffic not seen, but should be seen on other routers, or on other systems, thereby revealing rootkits; and some minor, small encapsulated, advanced endpoint type solutions; tripwire like file integrity solutions; whitelist binary type solutions; anti-wifi attack code; etc.
Any of that is open for influence, freely, if it gives anyone ideas. I am usually simply too lazy to write up stuff, reality: just have better things to do.
Sooner or later, someone will write some of those solutions, regardless. They are an inevitable type of solution. Though some of these sorts of solutions can run on other network devices.
Compromise of routers typically is through simply bad mistakes such as leaving extraneous services up like web management solutions, as well as through default passwords and bad passwords and usernames.
Zero day is typically found in the extraneous services. They are poorly QA'd, usually no security "qa" at all, no security analysis. And zero day that is fully disclosed ends up mainstream for script kiddies. That updates are difficult to do is another major issue, and they are often not done at all by end users. Updates by vendors are slow, if at all.
You can deeply mitigate all those basic problems on your router -- you can certainly do so even better with an open source, custom router you carefully learn and set up.
If you are a noob to router attacks, an excellent way to educate yourself is to get a wifi pineapple and explore. Use it. Relatively low brow, but hands on experience is good, and it has a range of attacks. Largely focused on wifi, but wifi is important, and many principles are the same or similar.
Some of the very worst attacks are poorly known. Barnaby Jack, for instance, showed in the early 2000s how code can be written for routers to search incoming traffic for Windows executables being downloaded by downstream systems -- any such download is then trojanized at the router and so there is a high chance all downstream systems are compromised.
There are many variations on that theme.
Routers can also serve as "middle men" for unique rootkits on downstream systems. A good one is one which alters the system's trusted store, so all encrypted traffic which relies on the trusted store is able to be broken.
Reliance on downstream systems and encryption is a critical facet of router security and these sorts of problems. End to end encryption. And remember, besides your own router, there are many systems your unencrypted traffic passes from here to there.
Unfortunately, if the downstream system is compromised, there are many potential changes to how it handles 'end to end encryption' which could make it appear to work, but with the integrity of it entirely broken. Besides just alterations of the trusted store.
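
An added example, not part of the comment above: a tripwire-style check applied to the trusted store it mentions, comparing the certificates in a PEM bundle against a baseline captured while the system was known clean. The bundle contents are constructed placeholder bytes rather than real certificates, and the names `audit`, `BASELINE_BUNDLE` and `CURRENT_BUNDLE` are assumptions made for the illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_fingerprints(bundle_text):
    """SHA-256 fingerprint (hex) of every certificate body in a PEM bundle."""
    prints = set()
    for match in PEM_BLOCK.finditer(bundle_text):
        der = base64.b64decode("".join(match.group(1).split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def audit(baseline_bundle, current_bundle):
    """Compare the current trusted store against a known-good baseline."""
    baseline = pem_fingerprints(baseline_bundle)
    current = pem_fingerprints(current_bundle)
    return {"added": sorted(current - baseline),
            "removed": sorted(baseline - current)}


def _constructed_pem(payload):
    """Constructed sample: PEM armor around placeholder bytes, not a real cert."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


ROOT_A = _constructed_pem(b"constructed-root-A" * 8)
ROOT_B = _constructed_pem(b"constructed-root-B" * 8)
UNEXPECTED = _constructed_pem(b"constructed-unexpected-root" * 8)

BASELINE_BUNDLE = ROOT_A + ROOT_B              # captured while known clean
CURRENT_BUNDLE = ROOT_A + UNEXPECTED + ROOT_B  # store as found today

if __name__ == "__main__":
    report = audit(BASELINE_BUNDLE, CURRENT_BUNDLE)
    for fp in report["added"]:
        print("ALERT unexpected trusted root:", fp)
    for fp in report["removed"]:
        print("NOTE baseline root missing:", fp)
```

The comparison is only meaningful when the baseline is stored, and the check is run, somewhere the suspect system cannot alter, since a compromised host can misreport its own store.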