Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

EFF Releases Wireless Router Firmware For Open Access Points

Soulskill posted about 4 months ago | from the secure-is-as-secure-does dept.

Electronic Frontier Foundation 56

klapaucjusz writes: The EFF has released an experimental router firmware designed make it easy to deploy open (password-less) access points in a secure manner. The EFF's firmware is based on the CeroWRT fork of OpenWRT, but appears to remove some of its more advanced routing features. The EFF is asking for help to further develop the firmware. They want the open access point to co-exist on the same router as your typical private and secured access point. They want the owner to be able to share bandwidth, but with a cap, so guests don't degrade service for the owner. They're also looking to develop a network queueing, a minimalist web UI, and an auto-update mechanism. The EFF has also released the beta version of a plug-in called Privacy Badger for Firefox and Chrome that will prevent online advertisers from tracking you.

Sorry! There are no comments related to the filter you selected.

In Germany (3, Informative)

Anonymous Coward | about 4 months ago | (#47512053)

we have freifunk. They develop such software. It also bypass the so called "störerhaftung" (disturber liablility), which makes people liable for anyone that used their hotspot as long as they cannot prove they secured their wifi as much as they could.

Re:In Germany (1)

master5o1 (1068594) | about 4 months ago | (#47512471)

How does it bypass that?

Re:In Germany (0)

Anonymous Coward | about 4 months ago | (#47512575)

It proves that they secured their wi-fi as much as they could for the primary users ... and then they shared secondary acess to the public

Re:In Germany (0)

Anonymous Coward | about 4 months ago | (#47512929)

They route it through a VPN. One was in sweden, but some others use also one in Berlin, and trying to get the "provider priviledge": when you're large enough (a vague term), you count as provider, and then the rule doesn't apply to you.

Another good idea, but... (-1, Flamebait)

djupedal (584558) | about 4 months ago | (#47512061)

It's just another opportunity for yet more security issues with yet another promise to stop tracking.

Sounds like someone hit some consumer hot buttons so they could make it an easier to swallow scheme. Beware cons bearing gifts...

Re:Another good idea, but... (-1)

Anonymous Coward | about 4 months ago | (#47512129)

Yes, lets stop all development efforts because:

1. Its an organized entity who has alterior motives to what they are portraying.
2. Progress causes possible problems and things work now, why cause problems and change things?

I'm all for reading-between-the-lines, but this is the EFF we're talking about and all of these things are open sourced.

Which leads me to an interesting tangent - when an certain type of critical but boring (security?) open-sourced project is released, it gets media attention for filling a nitch or quickly gaining critical mass. When it gets media attention, it gets the Many Eyes that fix the bugs. Given time, the software becomes stable and boring. No media attention. Less eyes. More bugs. BIG BUG! Big media attention! Look at how critical this software is! Many eyes fix the bugs. Rinse. Repeat.

OpenSSL is a prime example. If you've been on a mailing list for a long time, you know what I'm talking about already. You've seen this effect.

DD-WRT is a good example, look at news releases then the flurry of old and new devs on pull requests.

Therefore judge a project not on how many security holes it could possibly have at some point in its development life cycle. Instead judge it by its ability to penetrate critical mass and make huge headlines when a security hole *is* found. That will cause the code to be more thoroughly reviewed at least at *some* point in its lifecycle, thus guaranteeing it have patches available.

Buffalo DD-WRT routers please (1)

Bodhammer (559311) | about 4 months ago | (#47512089)

Buffalo Routers that run DD-WRT please! I'm sorry I don't have time to do the port...

Re:Buffalo DD-WRT routers please (0)

Anonymous Coward | about 4 months ago | (#47512269)

From the webpage of my wifi ap/router:

Router Model Buffalo WHR-G54S
Firmware Version DD-WRT v24-sp2 (08/07/10) std - build 14896

(but yes, that is old and i do not know if new versions still work)

Re: Buffalo DD-WRT routers please (-1)

Anonymous Coward | about 4 months ago | (#47512283)

If you are running ddwrt, then it's trivial to configure this. What the fuck is there to "port"?

Moron.

Re: Buffalo DD-WRT routers please (0)

Anonymous Coward | about 4 months ago | (#47512727)

Don't be a twat, I know that is difficult for you...

Re: Buffalo DD-WRT routers please (1)

jones_supa (887896) | about 4 months ago | (#47513873)

If you are running ddwrt, then it's trivial to configure this. What the fuck is there to "port"?

Moron.

Just relax now, the nurse will administer the morphine soon.

Re:Buffalo DD-WRT routers please (1)

Anonymous Coward | about 4 months ago | (#47513461)

Buffalo Routers that run DD-WRT please! I'm sorry I don't have time to do the port...

Yes,
From the EFF page..

'..Currently the software runs on one specific model of hardware (the Netgear WNDR3800) ..'

from the Cerowrt page..

'..To minimize the effects of hardware dependencies, we have chosen the Netgear WNDR3700v2 or WNDR3800 as the sole hardware for the experiments. Note: The WNDR3700v3 and v4 models that have recently appeared on the market do not work with CeroWrt; purchase the WNDR3800 if you want to be future-proof...

Quick check on the WNDR3800, it's been EOL'd by Netgear, and isn't that readily available on the second-hand market where I am. (and the currently still available WNDR3700 is a v4 which, from the Cerowrt page ' ..The WNDR3700v3 and v4 models that have recently appeared on the market do not work with CeroWrt..')

So, by the looks of it, I'll be sticking to my linksys, d-link and tp-link hardware and a.n.other firmware for a while yet..you'd really think they'd check on the wider availability of their target system hardware before going down this apparently dead-end path.

Re:Buffalo DD-WRT routers please (0)

Anonymous Coward | about 4 months ago | (#47513861)

I'm sorry I don't have time to do the port...

Don't worry, we can always find some sucker from the open source community who will sacrifice all his time for the job and ask no money for it.

Re:Buffalo DD-WRT routers please (1)

Anonymous Coward | about 4 months ago | (#47514945)

I'm sorry but Buffalo routers are fscking GARBAGE. I've purchased god-knows-how-many routers for clients and myself and I bought into the hype about how Buffalo routers are so wonderful and they run DD-WRT and they aren't like other brands. BULLSH!T. They are crippled by weak azz wifi and no matter how many times I factory reset (60, 60, 60) the settings from my previous configuration persist. Called their "tech support" line and was told that the features that I PAID FOR were unsupported and that they were NEVER going to to support the features because they're DD-WRT specific.

FSCK Buffalo routers. I took another risk in purchasing Ubiquiti's line of products and I'm VERY pleasantly surprised, as I was certain their products (priced insanely cheap) would also turn out to be junk but instead, are some of the best routers and wifi units I've ever installed. Not sure about their cameras. I have another supplier for that tho.

tl;dr: FSCK Buffalo routers. Worthless.

Can't wait for the cops to bust down my house (1, Interesting)

Anonymous Coward | about 4 months ago | (#47512095)

because some pervert tried to download child pornography!

Re:Can't wait for the cops to bust down my house (0)

binarylarry (1338699) | about 4 months ago | (#47512207)

Why did someone mod this guy down?

Illegal use of your access point could have serious consequences (unless it somehow confers Common Carrier Protection of Interneting +4 which I'm unaware of)

Re:Can't wait for the cops to bust down my house (0)

Anonymous Coward | about 4 months ago | (#47512403)

Why did someone mod this guy down?

Pedos get mod points too.

Re:Can't wait for the cops to bust down my house (2)

ChunderDownunder (709234) | about 4 months ago | (#47512553)

The 'fraud squad' already contacted me about credit card skimming traced to our home internet, whereby someone had hacked our wifi in a drive-by usage. They suggested we change our password but you wonder how secure WPA2 is anyway...

The local ISP, Telstra, is said to soon be trialling nationwide 'free wifi' to ADSL2 customers by offering a free modem with segregated wifi. So I wonder what firmware they plan to use.

Re:Can't wait for the cops to bust down my house (2)

Charliemopps (1157495) | about 4 months ago | (#47512655)

Why did someone mod this guy down?

Illegal use of your access point could have serious consequences (unless it somehow confers Common Carrier Protection of Interneting +4 which I'm unaware of)

And how many Starbucks owners do you see in federal prison?

Re:Can't wait for the cops to bust down my house (0)

Anonymous Coward | about 4 months ago | (#47512847)

There is only ONE starbucks owner. Starbucks. And the wifi is owned by ATT

beta sucks

Re:Can't wait for the cops to bust down my house (1)

Belial6 (794905) | about 4 months ago | (#47513165)

Exactly. There is WAY too much free wifi access in the US for anyone but the most paranoid to think that open wifi would be anything but plausible deniability in the case that someone did get onto your router.

Re:Can't wait for the cops to bust down my house (1)

binarylarry (1338699) | about 4 months ago | (#47515247)

Starbucks owners have a lot of money and are incorporated with the state.

Most people aren't in that category.

Re:Can't wait for the cops to bust down my house (1)

Anonymous Coward | about 4 months ago | (#47513261)

If the EFF wanted to be really cool they could make their router firmware set up a transparent proxy so that the anonymous users are routed onto the TOR network. Their Internet access would be slower, but it couldn't be traced to the owner of the router. Also, increasing the size of the TOR network would increase the amount of anonymity it offered.

Re: Can't wait for the cops to bust down my house (0)

Anonymous Coward | about 4 months ago | (#47513981)

I setup a tor relay (not exit node) and within days my bank blocked my IP. That was an annoying thing to explain to my wife. Many sites apparently block any IP that even runs a relay. Really sucks. After shutting off the relay for a few days they unblocked us.

WFA-UNAUTH-TLS (1)

Anonymous Coward | about 4 months ago | (#47512139)

WFA-UNAUTH-TLS

Just gonna throw that out there.

Re:WFA-UNAUTH-TLS (0)

Anonymous Coward | about 4 months ago | (#47512311)

Thanks for throwing this out there.

Re:WFA-UNAUTH-TLS (1)

Anonymous Coward | about 4 months ago | (#47513707)

> WFA-UNAUTH-TLS

For those wondering WTF that is:

Seems to be a TLS protocol standard for clients to talk to an open wifi access point but still encrypt the traffic over the air to prevent snooping ala firesheep. [wikipedia.org]

liability? (1)

motorsabbath (243336) | about 4 months ago | (#47512201)

So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

Re:liability? (1)

binarylarry (1338699) | about 4 months ago | (#47512223)

You could roll over to their house, connect to their access point and GNAA the fuck out of slashdot to get their IP banned.

Oops.

Re:liability? (1)

Anonymous Coward | about 4 months ago | (#47512425)

So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

As lawyers, this is a bonus for the EFF. The innocent party who owned the wifi and shared, who gets caught up in all the legal nastiness is good for their donations and publicity.

Re:liability? (1)

Rick Zeman (15628) | about 4 months ago | (#47512435)

So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

No kidding. I don't see the EFF offering to indemnify any users.

Re:liability? (2)

Charliemopps (1157495) | about 4 months ago | (#47512695)

So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

Who's liable when they roll into the parking lot of the local Best Western and do the same thing?

Making it public is what makes you immune. If it's not public, then you're verifying that all activity from your IP is your own. Making your connection free for others to use re-anonymizes your IP address.

Re:liability? (2, Insightful)

Anonymous Coward | about 4 months ago | (#47513515)

Making it public is what makes you immune. If it's not public, then you're verifying that all activity from your IP is your own. Making your connection free for others to use re-anonymizes your IP address.

Firstly, running an open wifi point would be against my TOS
Secondly, being in breach of point the first, the police would then turn your argument round on it's head...running a public access point sir?, must be trying to bury your illegal traffic in amongst everyone else's..You're fuckin' nicked, me old beauty!

immunity my arse...you do realise that the upstream monitoring logs and classification of the traffic which led them to you in the first instance will then be produced in a court of law against you, and you'll then have to account for it?
I don't know if you've noticed, but the old innocent until proven guilty thing doesn't really apply when it comes to certain classes of crap nowadays, especially online, especially if there's a whiff of terrorism or paedophillia..

Re:liability? (1)

tlhIngan (30335) | about 4 months ago | (#47515851)

Who's liable when they roll into the parking lot of the local Best Western and do the same thing?

The fact it's usually traceable back to you?

A lot of those free wifi things require actually staying at the hotel where they'll happily give you a login and password (tied to your account, of course).

Though, I welcome the move - no more bandwidth limitations! I mean, the problem with all the wifi provided by ISPs Is you have to log into them and they often charge your account for bandwidth.

But if you can have free wifi using someone else's account, well, that makes torrenting all those Blu-ray's (at 50GB a pop) much easier. Suddenly 250GB doesn't seem so limiting anymore.

Re:liability? (0)

Anonymous Coward | about 4 months ago | (#47516707)

"Traceable"

Really? Have you ever visited Starbucks or McDonalds? Public open wifi is commonplace now.

The point? (0)

Anonymous Coward | about 4 months ago | (#47512273)

I get why the EFF wants to do this. It creates a situation where if lots of people run and use free access points, the legal system will start to realize that an IP doesn't identify an individual. I get it.

What I don't get is why on earth you'd want to give any of your internet bandwidth to the public if you're living in a private residence. I see absolutely no benefit to me in running one. And I also see no benefit in connecting to one. I never connect to unknown and unsecured access points. Why on earth would anyone want to? What's the point of 4G and shit like that if in the end you're sill relying on peoples' free wireless access points?

I see no point in runnin one and no point in connecting to one.

Re:The point? (3, Insightful)

binarylarry (1338699) | about 4 months ago | (#47512333)

Do you really trust your mobile telco much more than a random wifi router?

I dont.

Re:The point? (0)

Anonymous Coward | about 4 months ago | (#47512623)

The most ridiculous comment I've seen today.

Re:The point? (2, Insightful)

Anonymous Coward | about 4 months ago | (#47512577)

> What I don't get is why on earth you'd want to give any of your internet bandwidth to the public if you're living in a private residence.
> I see absolutely no benefit to me in running one.

I do it because it costs me nothing to help out someone.

> What's the point of 4G and shit like that if in the end you're sill relying on peoples' free wireless access points?

Indeed. What is the point of paying for 4G by the bit when you can use free wifi instead?
I think you've answered your own question.

Re: The point? (3, Interesting)

Anonymous Coward | about 4 months ago | (#47512813)

It's called sharing. The world would be a better place if more people did it.

Re: The point? (0)

Anonymous Coward | about 4 months ago | (#47514331)

Great. Let's all share wallets.

You first.....

You don't like that one? OK, How about I share first, with public wifi access point with a proxy configured to do man-in-the-middle decrypt and rebundling of all SSL traffic? Then *you* can share the passwords you use for your bank, and email, and github?

Ahh, you don't want to share? OK, how about I just share my trojaned copy of the security tools at https://git.centos.org or bitbucket or github, with a faked Verisign certificate to verify the fraudulent SSL certificate (see http://nakedsecurity.sophos.com/2010/06/23/trojbhoqp-verisign/) That's just me sharing, right, so you don't mind?

Hint: if you want to "share" so much, I hope you brought condoms and penicillin for *everyone*.

Re: The point? (0)

Anonymous Coward | about 4 months ago | (#47514933)

Maybe you just dont understand sharing. Excess items that disappear or go to waste if not used (like bandwidth) are ideal for sharing. It costs nothing to share and you can make somebody happy and you will be happy. If Alice has three hamburgers and Bob has none, why wouldn't Alice share? Come on! Kids are taught that it is nice to share but adults can't seem to figure it out.

Re: The point? (0)

Anonymous Coward | about 4 months ago | (#47516961)

configured to do man-in-the-middle decrypt and rebundling of all SSL traffic?

If only we had a specific list of CAs that were considered valid for signing SSL certs in our browsers to detect this kind of thing... hmm

Re:The point? (0)

bigfinger76 (2923613) | about 4 months ago | (#47512875)

I know this question is way off-topic, but I just have to know...
Are you a religious person, and if so, what religion?

Re: The point? (0)

Anonymous Coward | about 4 months ago | (#47513567)

The "legal system" does not and will not care for EFF's arguments. Instead, they will round up some poor idealistic schmucks who fell for this and make a harsh example out of them to keep the rest in line.

Obsolete before it was released. (1)

viperidaenz (2515578) | about 4 months ago | (#47513183)

That's cool, but the only hardware it officially supports is End of Life.
WNDR3800 http://support.netgear.com/pro... [netgear.com]

Re:Obsolete before it was released. (1)

Zebai (979227) | about 4 months ago | (#47513313)

Other than reduced availability for sale I don't think being end of life should really matter you would not get support from netgear on a custom firmware.

I just feels to me like the EFF wants to reinvent the wheel here. There are already routers/firmwares out there that support multiple wifi ssid's just make one of them a guest id public or not.

Re:Obsolete before it was released. (1)

Anonymous Coward | about 4 months ago | (#47513813)

Other than reduced availability for sale I don't think being end of life should really matter you would not get support from netgear on a custom firmware.

This isn't about Netgear support, the point is that by choosing a target system that you can now only get on the used market (and, from my cursory check this morning, it isn't exactly a common model you see coming up regularly, at least, here) they've (EFF) immediately scored an own-goal by putting off people who might want to try this out by making an apparently stupid choice of base distro and target hardware.

A quick check of the spare routers I have currently doing nothing, Linksys, d-link, trend, tp-link, and, yes, netgear are represented, at work I've spare Linksys and d-link routers, a quick check of the local second-hand market throws up a lot of tp-link, linksys and d-link routers, some Netgear kit, but not this model.

By picking a base distribution (Cerowrt) which was limited to only two router models (Netgear WNDR3700v2 or WNDR3800) then restricting the development to the one of these two (WNDR3800) which is EOL'd looks, to me, like a wee bit of a stupid move if they want any sort of mass adoption, I mean, just look at the number of boxes openwrt supports as an example.

Privacy Badger? (0)

Anonymous Coward | about 4 months ago | (#47513263)

Privacy Badger for Firefox, when I installed it a few months ago, completely killed my ability to log in with Facebook (OAuth) on several sites I frequent. Removing it didn't fix the problem. Needless to say, I copied another Firefox (Portable) installation over the screwed-up version and never looked back.

Re:Privacy Badger? (0)

Anonymous Coward | about 4 months ago | (#47513547)

Then you screwed it up. Privacy Badger works fine for me and others, I can configure it for each page if needed, and turn it off with a single click.

If you copied a new portable Firefox over the previous one, did you bother to install Privacy Badger a second time to see if the problem reoccurred? If not, then it's like saying "I tried Java once. It didn't work on one page so, needless to say, I removed Java and never tried it again."

.

Re:Privacy Badger? (0)

Anonymous Coward | about 4 months ago | (#47513915)

Shut up, you grunchy swine-man. It must work for the very first time or it is garbage software. I'm not wasting my time with applications like that. I'm tired of those "it works for me, so of course must for everyone". There's a concept called "quality assurance", you might want to look it up. Thank you. Now I'm going to get my leather jacket and elegantly walk away.

CeroWRT != Fork (0)

Anonymous Coward | about 4 months ago | (#47513775)

CeroWRT isn't really a fork as described in the summary, it's more of an experimental branch/playground of sorts, with any relevant development being fed back upstream to OpenWRT. (It tends to rebase on OpenWRT head fairly regularly).

From the website https://www.bufferbloat.net/projects/cerowrt [bufferbloat.net] :

"CeroWrt is a project built on the OpenWrt firmware to resolve the endemic problems of bufferbloat in home networking today, and to push forward the state of the art of edge networks and routers. Projects include proper IPv6 support, tighter integration with DNSSEC, and most importantly, reducing bufferbloat in both the wired and wireless components of the stack."

EFF strikes again... (1)

Jay Maynard (54798) | about 4 months ago | (#47514229)

This is just another spammer and net criminal enabler. The EFF has long fought against efforts to end spam. Encouraging wide-open net access with no accountability is just another step down that road.

The EFF: enabling spammers since the 1990s.

Re:EFF strikes again... (0)

Anonymous Coward | about 4 months ago | (#47514393)

> The EFF: enabling spammers since the 1990s.

1993, specifically, when Mitch Kapor stepped down from leadership and Jerry Berman took over and led them into moving to DC and bending over to get lobbyist money, you mean. The resulting "corporate sponsorship" they got for helping with the TeleCommunications Privacy Act was pretty obvious. It took their leadership roughly 5 years to realize just *how bad* of a corporate shill Berman was and to get him the hell out.

I actually had a chance to chat with John Perry Barlow about this roughly.... 15 years ago, when he was teaching at Harvard. Mitch Kapor wouldn't talk to me when I saw him around that time: I think he was still pissed that he didn't get that Department of Commerce cabinet position he was angling for in the Clinton administration when he resigned. I did *tell* him they would not put a geek in that position, at an EFF party.

They've gotten better since then, fortunately, but their focus has been somewhat scattered ever since Mitch stepped down.

What I want (0)

Anonymous Coward | about 4 months ago | (#47516209)

1) Ability to log on normally with password (done)
2) Guest account with no password (done)
3) Ability to set guest accounts to Tor-only (must have)
4) Ability to charge guests for service using bitcoin or something similar (would be nice)
        4.1) With micropayment channel support (would be very impressive)

The big problem right now is that it's simply not worth the risk for me to share my internet connection. If I so much as get a phone call from my ISP, it's already more trouble than it's worth.

Verizon FIOS (0)

Anonymous Coward | about 4 months ago | (#47516363)

I use the Verizon FIOS service. Verizon provided a
Actiontec, Model Name: MI424WR-GEN2, Hardware Version: E
How do I encourage Verizon to enable, allow, install the EFF software?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?