Hackers hijack 300, 000-plus wireless routers, make malicious changes | Ars Technica

[niels=nanog at bakker.net (Niels Bakker)]

>On 3/4/14, 11:52 AM, "Merike Kaeo" <kaeo at merike.com> wrote:
>>CPE devices are just a huge cesspool.  Any device that already 
>>doesn't let you change username 'admin' is off to a bad start.  We 
>>have to get these supposedly 'plug it in and never touch it' 
>>devices to be better at firmware upgrades.

* wbailey at satelliteintelligencegroup.com (Warren Bailey) [Tue 04 Mar 2014, 21:00 CET]:
>I don't know that they have a lot of motivation to support "legacy" 
>access points. The home brew guys tend to magically "find" ways to 
>install software on these POS CPE AP/Router combos, which I don't 
>think is a coincidence. The linksys types of the world want to sell 
>more routers, not make routers that suddenly have an amazing 8 year 
>shelf life. Most people get tired of that POS box that gives them 
>internet not working, and buy a new LESS POS with whatever 802.xxx 
>of the week/month/year/shopping season. The margins probably really 
>suck if you support a piece of plastic longer than __ months, so I 
>doubt you?ll see anyone supporting their cheap box any time soon. I 
>bet if you offered them a way to do it for free, they'd look at it 
>;)

Cisco tried doing this while they still owned Linksys and got huge 
blowback from the community, who felt that they'd lost control over 
their own devices and the data passing through them.

https://www.techdirt.com/articles/20120629/15451719541/you-dont-own-what-you-buy-part-15332-cisco-forces-questionable-new-firmware-routers.shtml 
http://arstechnica.com/civis/viewtopic.php?f=2&t=1177772 (whole thread) 
http://blogs.cisco.com/home/update-answering-our-customers-questions-about-cisco-connect-cloud-2/

(I fixed your quotes, by the way.  You may want to engage with your 
postmaster to unfuck your mail client's character set.)


	-- Niels.