Anonabacklash


Wired's piece on the Anonabox backlash is quite a reversal:

...as of Thursday morning, the backlash against that project had become so severe that its total funding was actually ticking down rather than up, as disillusioned backers pulled their pledges faster than others could make them. The comments section on the Kickstarter page had filled with users accusing the project's creators of fraud, many asking Kickstarter to cancel the fundraiser.

More worrisome than whether or not its circuit boards are truly "custom" are the security concerns:

But as the security community has taken notice of Anonabox over the last week, its analysts and penetration testers have found that the router's software also has serious problems, ones that could punch holes in its Tor protections or even allow a user to be more easily tracked than if they were connecting to the unprotected Internet. "I'm seeing these really strange smells and poor practices in their pilot beta code," says Justin Steven, a computer security analyst based in Brisbane, Australia. "It scares me if anyone is relying on this for their security." [...]

In its default state, the Anonabox doesn't password-protect its wireless network. That means that anyone who sets up an Anonabox without changing its settings can have their device completely compromised by a nearby hacker who has the easily identifiable root password. That wireless attacker could disable Tor or even infect the router with spyware that tracks the user's location wherever they take it.

The project's lead is spinning furiously:

Germar argues that all the criticisms of the Anonabox stem from miscommunication, not carelessness or any attempt to scam users. He admits that he should have made clear which parts of the Anonabox's hardware he sourced from China rather than give users the impression he was custom-building the parts from scratch. But he denies the software issues represent real vulnerabilities. Instead, he describes them as issues of user education. Germar says he intended to include warnings in the final documentation to change the router's root password, for instance.


About this Entry

This page contains a single entry by cognitivedissident published on October 16, 2014 7:32 PM.

"nothing to do with whistleblowing or constitutional rights" was the previous entry in this blog.
