12 million routers may not have been patched for Misfortune Cookie

Researchers at the security software company Check Point say they’ve discovered a serious vulnerability lurking inside the routers and modems used to deliver Internet connectivity to 12 million homes and small businesses around the world, and it’s going to be a complicated matter to fix it.

Dubbed the Misfortune Cookie, the weakness is present in cable and DSL modems from well-known manufacturers like D-Link, Huawei and ZTE, and could allow a malicious hacker to hijack them and attack connected computers, phones and tablets. An attacker exploiting Misfortune Cookie could also monitor a vulnerable Internet connection, stealing passwords, business data or other information. Check Point didn’t disclose how an attack might be carried out. Spokespeople for D-Link, Huawei and ZTE had no immediate comment on the vulnerability.

In an interview with Re/code, Shahar Tal, a researcher at Israel-based Check Point, said the company traced the vulnerability to a programming error made in 2002. That error originated with Allegro Software, the Massachusetts-based developer of RomPager, which unwittingly introduced it into the widely used embedded Web server…

The list of devices affected by Misfortune Cookie includes some 200 products from more than 20 companies. All told there are more than 12 million devices with the vulnerability in use today, including some that were manufactured as recently as this year. And yet to date, no real-world attacks using Misfortune Cookie have been detected.

Reached for comment, Allegro Software downplayed the severity of the vulnerability and its responsibility for it. “It’s a 12-year-old bug that was fixed nine years ago,” said CEO Bob Van Andel. He conceded, however, that many of Allegro’s customers haven’t bothered to install the code that protects RomPager against Misfortune Cookie — nor can the company force them to do so.

So, if you suspect your router or modem has the Misfortune Cookie, Tal suggests calling the manufacturer or the company that provided the equipment. See if they’re one of the bright ones that actually keep up with patches. Of course, if that were true you would have already received notice of the update.

Right?

The Age of Vulnerability

Two new studies show, once again, the magnitude of the inequality problem plaguing the United States. The first, the US Census Bureau’s annual income and poverty report, shows that, despite the economy’s supposed recovery from the Great Recession, ordinary Americans’ incomes continue to stagnate. Median household income, adjusted for inflation, remains below its level a quarter-century ago.

It used to be thought that America’s greatest strength was not its military power, but an economic system that was the envy of the world. But why would others seek to emulate an economic model by which a large proportion – even a majority – of the population has seen their income stagnate while incomes at the top have soared?

A second study, the United Nations Development Program’s Human Development Report 2014, corroborates these findings. Every year, the UNDP publishes a ranking of countries by their Human Development Index (HDI), which incorporates other dimensions of wellbeing besides income, including health and education.

America ranks fifth according to HDI, below Norway, Australia, Switzerland, and the Netherlands. But when its score is adjusted for inequality, it drops 23 spots – among the largest such declines for any highly developed country. Indeed, the US falls below Greece and Slovakia, countries that people do not typically regard as role models or as competitors with the US at the top of the league tables…

In the US, upward mobility is more myth than reality, whereas downward mobility and vulnerability is a widely shared experience. This is partly because of America’s health-care system, which still leaves poor Americans in a precarious position, despite President Barack Obama’s reforms.

Those at the bottom are only a short step away from bankruptcy with all that that entails. Illness, divorce, or the loss of a job often is enough to push them over the brink…

American politicians continue to reject the words and work of prize-winning economists like Joe Stiglitz for a couple of reasons. First, he won’t keep quiet about endemic illness in our economy. Inequality of opportunity being among the primetime crimes. Second, he doesn’t mind pointing out who benefits from the lousy politics, sleazy economics of the conservatives who have built this inequality into a new testament of American capitalism. Starting with fossil fuel and energy barons and following the money trail into the pants of Congress.

RTFA for details of the latest Stiglitz essay on a nation with leaders who really don’t care about the lives of ordinary people. Just stay in line and don’t ask too many questions.

World’s areas most vulnerable to climate change mapped

[Image: climate vulnerability map]

The authors say the vulnerability map will help governments, environmental agencies, and donors identify areas where to best invest in protected area establishment, restoration efforts, and other conservation activities so as to have the biggest return on investment in saving ecosystems and the services they provide to wildlife and people alike…

“We need to realize that climate change is going to impact ecosystems both directly and indirectly in a variety of ways and we can’t keep on assuming that all adaptation actions are suitable everywhere. The fact is there is only limited funds out there and we need to start to be clever in our investments in adaptation strategies around the world,” said Dr. James Watson, Director of WCS’s Climate Change Program and lead author of the Nature study. “The analysis and map in this study is a means of bringing clarity to complicated decisions on where limited resources will do the most good.”

The researchers argue that almost all climate change assessments to date are incomplete in that they assess how future climate change is going to impact landscapes and seascapes, without considering the fact that most of these landscapes have been modified by human activities in different ways, making them more or less susceptible to climate change.

A vulnerability map produced in the study examines the relationship of two metrics: how intact an ecosystem is, and how stable the ecosystem is going to be under predictions of future climate change. The analysis creates a rating system with four general categories for the world’s terrestrial regions, with management recommendations determined by the combination of factors…

“Effective conservation strategies must anticipate not only how species and habitats will cope with future climate change, but how humans will respond to these challenges,” added Dr. John Robinson, Executive Vice President for Conservation and Science. “To that end, maintaining the integrity of the world’s ecosystems will be the most important means of safeguarding the natural world and our own future.”

A study worth staying in touch with for future planning and adaptation – presuming our species will be laggard as I expect in dealing with the human-manufactured causes of climate change. We’re not a species that deals well with accepting responsibility.

Follow the link to the original to see the key to the map up top.

Someone watching over your child by webcam – besides you?


Montage of other people’s webcam images

Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password. Internet addresses which link to the video streams have been posted to a variety of popular messageboard sites.

Users have expressed concern after finding they could view children’s bedrooms among other locations.

Trendnet says it is in the process of releasing firmware updates to correct a coding error introduced in April 2010. It said it had emailed customers who had registered affected devices to alert them to the problem.

However, a spokesman told the BBC that “roughly 5%” of purchasers had registered their cameras and it had not yet issued a formal media release despite being aware of the problem for more than three weeks…

“As of this week we have identified 26 [vulnerable] models. Seven of the models – the firmware has been tested and released…

Mr Wood added that the California-based firm estimated that “fewer than one thousand units” might be open to this threat in the UK, but could not immediately provide an exact global tally beyond saying that it was “most likely less than 50,000”.

Probably fewer than 1,000 and certainly fewer than 50,000. Sounds like casualty projections from the next US invasion of a smallish foreign land.

RTFA for lots of details, anecdotal information. Have one of these critters in your home? Turn the sucker off till you get a firmware update – and some geek site you trust says the update works.