Community discussions

MikroTik App
 
Dsaint33
just joined
Topic Author
Posts: 1
Joined: Mon Aug 25, 2014 4:40 am

Secure Firmware Downloads??

Mon Aug 25, 2014 5:03 am

I discovered these products years ago from an ad in a magazine, and they have served me well so far for basic home use, I just bought a new router last week and recommend to my friends also. I am also a listener of several podcasts. Recently when I went to download the latest updates, I remembered some security tips to follow from "Security Now" which has been in focus as this is now the post-Snowden era. This made me register just to ask this one question.

With all the recent focus on security I wonder why Mikrotik does not offer secure downloads of at least its programs and firmware. Are we to assume that the server sending that file when I clicked on the link was at Mikrotik, or was it a "server" in the middle sending me a customized version that will report home everything it sees in my home network.

We all need to take security seriously, at least have https downloads and post the md5, sha256, or whatever checksums to be sure that it was not "corrupted" in transit. Also this begs the question of how are automatic downloads secured.

Sincerely,

Long time user, first time writing.
 
User avatar
lordkappa
Member Candidate
Member Candidate
Posts: 133
Joined: Wed May 16, 2012 1:53 pm
Location: Vancouver, Canada

Re: Secure Firmware Downloads??

Mon Aug 25, 2014 10:45 am

Good idea, HTTPS would be welcome.

Posting an MD5 is worthless though; as any attacker who could intercept or alter your download would also be able to modify the downloads page so it showed the new modified file's MD5. :lol:

Who is online

Users browsing this forum: Bing [Bot], CGF and 42 guests