Saturday, 21 July 2018

The Netgear router flaw post mortem — plenty of blame to go around

In the recent Netgear router flaw, it’s easy to blame Netgear for ignoring the initial report of the vulnerability. They have since admitted that it fell through the cracks. But there is plenty of blame to go around.

While Netgear owners are indebted to someone who goes by Acew0rm for finding the flaw, he appears to have dropped the ball. After notifying Netgear of the vulnerability on August 25, 2016, he walked away from the issue. His total effort in getting Netgear to acknowledge the problem was a single email message. I think he could have done more. When an email is not acknowledged, it’s not much work to re-send it a second or, if needed, a third time.

And, then there is CERT. Who? According to their website: “CERT is a part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University.”

On December 9, 2016, CERT publicized the router flaw, which drew a ton of attention to the problem. I heard about it from an article that quoted CERT as the source of the story. When CERT went public, it was unclear which Netgear routers were vulnerable. And, since there was no work-around, CERT drew a ton of press with their suggestion to take Netgear routers off-line. The inevitable headlines followed
