e dot dot dot
a mostly about the Internet blog by



Consumer Reports Finds Numerous Home Routers Lack Even Basic Security Protections

Furnished content.


For years now, many hardware vendors have failed utterly to implement even basic security protections on most consumer-grade routers. D-Link, for example, just settled with the FTC after being sued for shipping routers with numerous vulnerabilities and default username/password combinations, despite advertising its products as "easy to secure" and replete with "advanced network security." Asus was similarly dinged by the FTC for shipping gear with numerous flaws and easily guessed default username and password combinations.

As such, it's not too surprising to see a new Consumer Reports study that found that a large number of mainstream residential routers lack even rudimentary security protections. 11 of the 26 major router brands examined by the organization came with flimsy password protection. 20 of the routers let users change only the password, but not the username, of web-based router management clients. 20 of the routers also failed to protect users from repeated failed password login attempts, a protection now commonplace on most apps, phones, and other services.

Two thirds of the routers tested came with UPnP enabled by default:

"Unless you have a device or some software that specifically asks for it, it's smart to turn this off, because UPnP has a history of serious security vulnerabilities. But our recent survey found that most people who buy a router don't adjust the settings, and even fewer may think to turn off UPnP."
Many attacks are made easier thanks to Luddite users. But there's a universe of steps these vendors could be taking that would make a dramatic impact, such as requiring that users change the default username and password before they're able to actually use the router. But, just like the security and privacy apathy seen in the IoT space, many vendors don't want to spend the money necessary to fix older gear, or even implement meaningful improvements in new kit. As a result, much of this gear is easily hijacked and integrated into botnets within minutes of being connected to the internet. Hardware vendors don't care as they've already made a sale, and consumers often lack the technical know-how to even know they've been compromised.

As Consumer Reports notes, given the router's integral role in everything done in your home, it remains fairly dumbfounding that we're still collectively begging router manufacturers to give a damn:
"Routers are a critical part of our homes," says Robert Richter, who oversees security and privacy testing for Consumer Reports. "They are the conduit through which all of your data travels, so it's crucial that we look closely at how they handle security. We hope both consumers and the industry pay close attention to our findings."
Of course, if you've checked in with the dumpster fire that is security and privacy standards in the IoT space, shoddy routers are just one small part of a much broader problem. To that end, Consumer Reports has done some really stellar work trying to create an open standards system that can be used to include security and privacy vulnerabilities in product reviews, helping to steer consumers away from buying gear from vendors who pretty clearly couldn't give a damn about consumer security and privacy.


posted at: 12:00am on 09-Aug-2019



Oops: Japan Anti-Piracy Proposals Probably Violate Its Constitution

Furnished content.


For over a year now, we've been discussing a worrying trend in Japan, where the government is looking to severely ramp up its anti-piracy efforts. The worry lies in the implications of these various proposed programs, including the censorship of internet sites supposedly used for piracy, the criminalization of pirating content, and how all of this is going to impact the public. One of the largest barriers to any of these expansions to copyright law is the Japanese constitution and legislation, which are fairly restrictive on matters of both censorship and the invasion of privacy. How the government thought it was going to route around those provisions is anyone's guess.

But it seems there is confidence that it can do so, as every new proposal coming out looks to in some way violate Japan's constitution. The latest involves putting a system in place that would deliver popup warnings to anyone visiting a site that is deemed to be a "pirate site."

Additional proposals suggested that Internet users could be confronted with popup warnings when they visit pirate sites, either as an alternative to blocking, a deterrent, or to help people differentiate them from legal offerings. However, that plan is being viewed as a potential invasion of privacy too. A report compiled this week by an expert panel with the Ministry of Internal Affairs and Communications has concluded that such popup warnings could infringe citizens’ right to secrecy of communications.

Asahi reports that in order to make this kind of system work, Internet service providers would first need to obtain consent from their subscribers so that monitoring their attempts to access certain sites would remain legal. The publication says that after the panel sought opinions from the public on the proposal, it was “bombarded by emails” sent by people calling for the plan to be rejected on privacy grounds.
That this does represent an invasion of privacy not allowed by Japanese law and the constitution is a fairly straightforward conclusion. Is it an invasion of privacy for the government to monitor the internet usage of its citizens? Yes, as Japan's legal system has already concluded. Can the government serve popup warnings to citizens for visiting certain websites without monitoring what sites they visit? No, it obviously cannot. Where the ambiguity is in any of this is beyond me.

And so it seems the government is pushing ISPs to be their privacy-invading intermediaries.
Nevertheless, some ISPs have agreed to begin trialing a popup warning system during the fall, in order to assess its effectiveness. That will mean them first having to explain to their users that they wish to monitor their online behavior and then obtain legal permission to do so.

Given a choice between being monitored by their ISP or not, it seems unlikely that many Internet users – if they actually understand the proposition – will willingly have someone watch over their communications.
Gee, let's see. So, the only way this all complies with Japanese law is if the ISPs do the monitoring of sites to serve popup warnings about piracy, but to do so requires the expressed opt-in permission of the very people who are supposedly visiting piracy sites? Dear Mr. Pirate: would you consent to having us monitor your internet usage and warn you when you're doing pirate-y things?

This is obviously absurd and I expect the plan to be rejected. It would be much better for the entertainment industries pushing these proposals to be transparent in what they really want: a change to the Japanese constitution and law to allow the government and/or private interests to invade the privacy of all citizens, just because they think it will allow them to make a bit more coin without having to adapt to the modern digital world. Although, put that way, it's hard to see how that flies with the Japanese public either.


posted at: 12:00am on 09-Aug-2019