[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- Subject: [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- From: greg at freephile.com (Greg Rundlett (freephile))
- Date: Wed, 14 Oct 2015 13:21:40 -0400
- In-reply-to: <Pine.NEB.email@example.com>
- References: <Pine.NEB.firstname.lastname@example.org>
Fantastic! Greg Rundlett https://eQuality-Tech.com https://freephile.org On Wed, Oct 14, 2015 at 9:35 AM, Stephen Ronan <sronan at panix.com> wrote: > > ---------- Forwarded message ---------- > Date: Wed, 14 Oct 2015 08:51:43 -0400 > From: David Farber <farber at gmail.com> > To: ip <ip at listbox.com> > > Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi > Routers - and Internet Letter to FCC Requests Mandates for Securing and > Updating Wi-Fi Devices > > October 14, 2015 06:00 AM Eastern Daylight Time > > WASHINGTON--(BUSINESS WIRE)--In a letter submitted to the Federal > Communications Commission (FCC), Dave Tht, co-founder of the Bufferbloat > Project, and Dr. Vinton Cerf, co-inventor of the Internet, along with more > than 260 other global network and cybersecurity experts, responded to the > newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices > such as Wi-Fi routers by unveiling a new approach to improve the security > of these devices and ensure a faster, better, and more secure Internet. > > "The recommendations in this document would go a long way toward ensuring > the existence of a highly performant, secure, and regulation-compliant > Internet far into the future." > > The letter was filed during the agency.s public comment period on this > issue. > > Dave Farber, former Chief Technologist of the FCC, supports the new > approach, stating, "Today there are hundreds of millions of Wi-Fi routers > in homes and offices around the globe with severe software flaws that can > be easily exploited by criminals. While we agree with the FCC that the > rules governing these devices must be updated, we believe the proposed > rules laid out by the agency lack critical accountability for the device > manufacturers." > > "We can't afford to let any part of the Internet's infrastructure rot in > place. We made this proposal because the wireless spectrum must not only be > allocated responsibly, but also used responsibly. By requiring a bare > minimum of openness in the technology at the edge of the Internet, we'll > ensure that any mistakes or cheating are caught early and fixed fast," said > Dr. Vint Cerf, a co-inventor of the Internet and also Senior Vice President > and Chief Internet Evangelist at Google. > > To improve accountability significantly while keeping the original intent > of the regulation, the signatories, who also included Dr. Paul Vixie, Dr. > Sascha Meinrath, Dr. Nick Feamster, Jim Gettys, Dr. David P. Reed, Dr. > Andreas Petlund, Jeff Osborn, and other well-known industry experts, > recommend the FCC mandate the following actions: > > 1. Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio > must make public the full and maintained source code for the device driver > and radio firmware in order to maintain FCC compliance. The source code > should be in a buildable, change-controlled source code repository on the > Internet, available for review and improvement by all. > > 2. The vendor must assure that secure update of firmware be working at > time of shipment, and that update streams be under ultimate control of the > owner of the equipment. Problems with compliance can then be fixed going > forward by the person legally responsible for the router being in > compliance. > > 3. The vendor must supply a continuous stream of source and binary updates > that must respond to regulatory transgressions and Common Vulnerability and > Exposure reports (CVEs) within 45 days of disclosure, for the warranted > lifetime of the product, or until five years after the last customer > shipment, whichever is longer. > > 4. Failure to comply with these regulations should result in FCC > decertification of the existing product and, in severe cases, bar new > products from that vendor from being considered for certification. > > 5. Additionally, we ask the FCC to review and rescind any rules for > anything that conflicts with open source best practices, produce > unmaintainable hardware, or cause vendors to believe they must only ship > undocumented .binary blobs. of compiled code or use lockdown mechanisms > that forbid user patching. This is an ongoing problem for the Internet > community committed to best practice change control and error correction on > safety-critical systems. > > > "Our fight for a free and open Internet began long before the invention > and wide use of Wi-Fi home routers, whose manufacturers chose to base on > open software. We are at an important inflection point in the history of > the Internet. The FCC has an opportunity to take positive action that will > increase the security and performance not only of these devices, but also > influence how manufacturers develop secure Internet of Things while > preserving an open Internet," said Jim Gettys, Chairman, Bufferbloat > Project. > > "Networking research and innovation fundamentally depend on the ability to > modify firmware on CPE and deploy it in real-world settings in home > networks," said Dr. Nick Feamster, Acting Director of Center for > Information Technology Policy at Princeton University. > > "The Internet is now effectively a battleground with end-users, our > employers, our schools and our vendors on one side, and organized crime and > nation-states on the other side. Our home gateways are often repurposed by > our adversaries into weapons against us because these small, cheap plastic > boxes are unpatchable, abandoned by their makers, and completely opaque. > These devices are currently the Internet's public enemy #1. The plan > proposed would significantly decontaminate our technology supply chain," > said Dr. Paul Vixie, CEO of Farsight Security, Inc. > > "The recommendations in this document would go a long way toward ensuring > the existence of a highly performant, secure, and regulation-compliant > Internet far into the future," said Jonathan Corbet, Executive Editor, > LWN.net. > > "As the recent revelations about the 'Moon Worm,' 'DNSchanger,' and > 'Misfortune Cookie' and now the Volkswagen scandal illustrate, secret, > locked-down firmware represents a clear and present danger to the security > of the Internet," said Ted Lemon, recent Area Director at the IETF. > > "If we raise the bar for firmware code quality, maintenance, and upgrades, > we can finish beating bufferbloat, especially on Wi-Fi, deploy IPv6 faster, > improve security, and build a vastly better Internet, for everybody," said > Dave Tht, Architect, CeroWrt, co-founder, Bufferbloat Project. > > If you care about this important issue and agree with our approach, please > contact your local Congressional representative and share our letter with > them. For media interview requests or other inquiries, please contact > media at bufferbloat.net. > > About the Bufferbloat Project > > The Bufferbloat Project is an international coalition of individuals, many > who were instrumental in the development of the Internet, and several with > Wi-Fi, deeply concerned about the future health, speed, and safety of the > edge of the Internet. In operation for 5 years, and working primarily on > third-party firmware, it has pioneered new algorithms, boosted safety and > security, helped develop new standards, and worked to make as much of this > new theory and code available as possible for all to use. For more > information, please visit http://www.bufferbloat.net. > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss >
- [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- From: sronan at panix.com (Stephen Ronan)
- [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- Prev by Date: [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- Next by Date: [Discuss] weird disk issues
- Previous by thread: [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- Next by thread: [Discuss] weird disk issues