Not to me. It is actually quite common for http servers, both generic and custom-made, to be full of bugs.HTTPD of all things being the exploit entry point is quite surprising
From: https://wikileaks.org/ciav7p1/cms/page_20250869.htmlOperator Notes
ROS 6.28 has a Firewall Filter Rule to drop access to WAN side ethernet port. This was disabled in order to throw ChimayRed.
https://wikileaks.org/ciav7p1/The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
You should make sure that the management services on these routers (ftp, telnet, ssh, www, winbox) are only accessible toWith well over 200 routers in our customers' possession, this is concerning to us to say the least.
Question; Is there a www package upgrade we could lay on top along with normal /ip service changes to lock down our routers ?
Issuing a fix is not enough, any security engineer after such event will definitely need to check if any his systems breached, and what is possible impact on network security - if yes. Blindly rolling software updates with crossing fingers that it will make you miraculously secure (especially because your particular malware persistence mechanism might be different than vendor might fix) - very wrong.The reason for such tools are inability to release properly patched versions in time. Cisco release cycle and bug fixing cycle takes years. MT just updated all their versions with a fix.
Also nobody knows how compromised router actually looks like, so how can you create tool for that?
Normis replied to hotspot question in another topic. - Hotspot are supposedly safe.
It is already lot of info there. Take a look:Sure, but you still need to wait for Wikileaks to release all information and tools, to know for sure . I'm not sitting and waiting on that to happen . Tonight is an update night - hardest decision is to 6.37.5 or 6.38.5...
Not only the inability to release, also the inability to install them.The reason for such tools are inability to release properly patched versions in time. Cisco release cycle and bug fixing cycle takes years. MT just updated all their versions with a fix.
The reason for such tools are inability to release properly patched versions in time. Cisco release cycle and bug fixing cycle takes years. MT just updated all their versions with a fix.
Also nobody knows how compromised router actually looks like, so how can you create tool for that?
Normis replied to hotspot question in another topic. - Hotspot are supposedly safe.
Well, in these cases archiving service is your best friend: http://archive.is/ecWw0https://www.linkedin.com/pulse/cia-hack ... craig-dods
"Due to unforeseen circumstances, the technical details of this article have been removed" appeared really, really fast!!
Aren't you starting kind of storm in a teapot ? You have quoted part of news and "forgot" to copy other part I DO NOT SAY "Mikrotik is safe" but if you have router "open from WAN" you are asking yourself for troubles despite the ROS problems.One of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't.....of particular concern is the devel login and its purpose and the process around its design and implementation and the duration of its proliferation in the Mikrotik Install base.
Thanks the Clarification Normis, that reduces the risk to the user base quite a bit ..There has never been any backdoor.
"devel" user is created by installing a special debug package by mikrotik staff, which would appear in the packages menu, and allow a new user "devel" to access the device. The user "devel" uses the admin password, so there is no way to access the device without asking the password from the administrator of the router. This package gives mikrotik staff access to some additional debugging utilities.
This only happened when a user voluntarily provided mikrotik support staff with remote access.
Welcome back to the forum Tom!! I see you continue where you left off, when you last time were active on forum. Conspiracy theories and stuff !One of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't,
Thanks for clarification!There has never been any backdoor.
"devel" user is created by installing a special debug package by mikrotik staff, which would appear in the packages menu, and allow a new user "devel" to access the device. The user "devel" uses the admin password, so there is no way to access the device without asking the password from the administrator of the router. This package gives mikrotik staff access to some additional debugging utilities.
This only happened when a user voluntarily provided mikrotik support staff with remote access.
Hello BartozAren't you starting kind of storm in a teapot ? You have quoted part of news and "forgot" to copy other partOne of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't.....of particular concern is the devel login and its purpose and the process around its design and implementation and the duration of its proliferation in the Mikrotik Install base.
drop.PNG
I DO NOT SAY "Mikrotik is safe" but if you have router "open from WAN" you are asking yourself for troubles despite the ROS problems.
Hello mac gaiver,Welcome back to the forum Tom!! I see you continue where you left off, when you last time were active on forum. Conspiracy theories and stuff !One of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't,
Really nice time for comeback! i personally think you are way overreacting (again) and i can't see any of your suggestions to be implemented, because they are rather off the topic and hardly can help - too much effort, not enough gains.
for example
Address Space Layout Randomization - is too specific and almost useless on 32-bit systems
is the NX-bit even available in MIPS CPUs?
Normis, it would appear they were testing payloads that would be injected later on to a vulnerable system... it would appear to be standard practice for attackers... use soft local systems to create set piece attack tools to use on a target on the internet. this is still a concern that I have that there are other vulnerabilities and exploits to target them somewhere in the wild.Yes, this is because all these documents are describing how these "hackers" are configuring their own systems for testing. This explains why they remove firewall and talk about "devel" login. This is because the documents do not describe penetration of remote systems. It describes their test networks, their own routers.
Too many words to describe situation when the admin simply does not care about firewall rules.Hello Bartoz
No I dont think im over reacting or creating a storm in a tea cup or tea pot and im not creating any thing ... im responding to a situation that was created by others.
you are pointing out one line also in vault 7 ... you also are forgetting that if you had cpes with a version prior to 6.22 and they were upgraded to a version between 6.22 and 6.37.1 the accept New and established rules were automajically re-written to accept all traffic regardless of state... so no im not creating storm in a tea cup im concerned that devices with public ips with serivces running on them be it reverse proxies, VPNS etc are open to being compromised... and I think my concerns are more than justified... and that a defence in depth strategy (and best practices ) would dictate that we should be scrutinizing in a holistic manner the entirety or ROS and eradicate any potential entry points...with VPN services sometimes firewalling is not an option and this is of particular concern
Yes, and that was fixed. You can't expect that MikroTik will officially state that all bugs of the future are also now fixed. There are never 100% guarantees.Normis, it would appear they were testing payloads that would be injected later on to a vulnerable system... it would appear to be standard practice for attackers... use soft local systems to create set piece attack tools to use on a target on the internet. this is still a concern that I have that there are other vulnerabilities and exploits to target them somewhere in the wild.Yes, this is because all these documents are describing how these "hackers" are configuring their own systems for testing. This explains why they remove firewall and talk about "devel" login. This is because the documents do not describe penetration of remote systems. It describes their test networks, their own routers.
Thanks Normis and to be fair to MikroTik I remember askign for BGP diagnositcs assistance which required a Debug package ... I asked for the debug package so I could reload the router out of hours... MikroTik Did Refuse Me that Request without any reason... In light of Normises Clarifications re devel login ... the refusal to give me the devel understandable now given what risks MT were trying to mitigate... perhaps a Licence Key protection on the Debug package would reduce the risk of unauthorized proliferation thanks unique devel package per install based on licence key...Yes, and that was fixed. You can't expect that MikroTik will officially state that all bugs of the future are also now fixed. There are never 100% guarantees.Normis, it would appear they were testing payloads that would be injected later on to a vulnerable system... it would appear to be standard practice for attackers... use soft local systems to create set piece attack tools to use on a target on the internet. this is still a concern that I have that there are other vulnerabilities and exploits to target them somewhere in the wild.Yes, this is because all these documents are describing how these "hackers" are configuring their own systems for testing. This explains why they remove firewall and talk about "devel" login. This is because the documents do not describe penetration of remote systems. It describes their test networks, their own routers.
Im not sure what you mean by thatToo many words to describe situation when the admin simply does not care about firewall rules.
Who said that? MikroTik has found the vulnerability and released a patch. This was done by carefully parsing all the discussions in the leaked documents. There are enough hints as to how it works. The vulnerability was found and there is nothing in the currently leaked documents to hint that there is another one. Surely there could be, but no company can give you a 100% guarantee, that they do not have an unknown bug somewhere.in other words it is not good enough to say Oh firewall the vulnerable services and everything will be ok ...
What normally worries me more (not specifically for MikroTik equipment) is that there is some bug or designed-in backdoor in the netfilter (iptables) itself.Surely there could be, but no company can give you a 100% guarantee, that they do not have an unknown bug somewhere.
Still it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer will be able to detect trivial implants by himself, and report early to Mikrotik such incidents.The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news.
Easy questions:Im not sure what you mean by that ....[ciach-ciach] ....in other words it is not good enough to say Oh firewall the vulnerable services and everything will be ok ...Too many words to describe situation when the admin simply does not care about firewall rules.
It seems that already there is such tool. It could be just extended for some more checks if they are neededStill it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer will be able to detect trivial implants by himself, and report early to Mikrotik such incidents.The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news.
It is very basic, just to verify possible filesystem/files corruption, too easy to fool it, and wont cover even known implants.It seems that already there is such tool. It could be just extended for some more checks if they are needed
checkinstallation.PNG
other public members on the forum...have commented on the thread pretty much saying if users dont firewall that it is their fault... my point is that when there is a vulnerability in a service the primary party that is responsible for fixing it is MikroTik.Who said that? MikroTik has found the vulnerability and released a patch. This was done by carefully parsing all the discussions in the leaked documents. There are enough hints as to how it works. The vulnerability was found and there is nothing in the currently leaked documents to hint that there is another one. Surely there could be, but no company can give you a 100% guarantee, that they do not have an unknown bug somewhere.in other words it is not good enough to say Oh firewall the vulnerable services and everything will be ok ...
BartoszP we are talking across purposes here,Easy questions:Im not sure what you mean by that ....[ciach-ciach] ....in other words it is not good enough to say Oh firewall the vulnerable services and everything will be ok ...Too many words to describe situation when the admin simply does not care about firewall rules.
Do you left access to WWW services of your routers open from WAN side ?
Do you need WWW services to manage VPNs ?
If you really need WWW access to your router, do you limit acceptable IPs where you can connect from ?
Exploit uses WWW services so you just need to disable them. There are two ways to do it: disable them or firewall them.
Normis, but if the software vendor (you change a version of a library you are using due to a potential security issue... notify users that there could be security improvements in that release, there are examples of this in the past Heartbleed etc... we want to see more of it ...for the less publicized security issues in libraries that you use in MikroTik Router OSWell of course, but as you can see in this situation, many of the big router manufacturers are facing the same issues or even much bigger ones.
I guess this type of risk has always existed and in theory - always will.
The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news.
an excellent Idea Nuclearcat ... ... a cryptographic filesystem checker signed executables ( and signature check before running ) are an option also... Cool idea Nuclearcat +1Still it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer will be able to detect trivial implants by himself, and report early to Mikrotik such incidents.The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news.
... more cryptographic checks ... file hashes ... and a published list of hashes for manual verification for the paranoid... +1It seems that already there is such tool. It could be just extended for some more checks if they are neededStill it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer will be able to detect trivial implants by himself, and report early to Mikrotik such incidents.The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news.
checkinstallation.PNG
How much are you willing to pay for that?2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik,
You have not answered my questions. You are saying that security is important. Yes, it is.BartoszP we are talking across purposes here,[ciach-ciach]Easy questions:
Do you left access to WWW services of your routers open from WAN side ?
Do you need WWW services to manage VPNs ?
If you really need WWW access to your router, do you limit acceptable IPs where you can connect from ?
Exploit uses WWW services so you just need to disable them. There are two ways to do it: disable them or firewall them.
Im saying you cant firewall all services (and these services could be vulnerable (past proven ) ( current and future vulnerabilities unknown) ( and as a result more preventative measures should be deployed )
you are saying WWW Services can be firewalled and that one entry point is solved ...that is agreed but you are missing the point that i was trying to make that, Any service that allows a remote connection is a potential entry point... a defense depth strategy is needed by all parties... and when a service cant be firewalled the onus falls on the software manufacturer.
Could you show proven examples of these ?and these services could be vulnerable (past proven )
Don't be ridiculous. Wizard for hardening router ? Next step is formal explanation from Mikrotik, that this wizzard makes good magic and does not change prince into the frog as a side effect ?1) I would like to see a formal security policy from MikroTik and that there are formal software security review methodologies and practices in MikroTik.
......
-5f ) more of a wizard that hardens the default free for all defaults to a more sensible security centric defaults
Hi Dynek,How much are you willing to pay for that?2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik,
Did you notice Mikrotik is really cheap compared to competitors?
You can't ask a company to be low-priced and have the full package.
You are saying this because you assume the hacker finding an exploit will not try to get the most he/she can out of it.Hi Dynek,How much are you willing to pay for that?2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik,
Did you notice Mikrotik is really cheap compared to competitors?
You can't ask a company to be low-priced and have the full package.
Thanks for your input, however, au Contraire, I think bug bounties are a very cost effective way of identifying and resolving issues in MikroTik, I think that paying out a few thousand for a vulnerability that is proven, and responsibly disclosed, based on MikroTik financial annual results I dont think it is out of their reach for them ... and look at the cost benefit,.. having a more secure os deployed along the entire userbase.
ok we are in agreementYou have not answered my questions. You are saying that security is important. Yes, it is.
You are trying to persuade us that construction company, lock makers, window and glass makers shoud harden their products as you want to be safe in your home. They ought to list all security problems which their products are volunerable to. They should improve their products. Yes, they should.
I never said thatHowever you do not want to accept simple fact: You should lock your home yourself and do not left doors and windows open.
.
yes... I agree with most of your sentiments, but if you buy a product like a door lock and you use it, a user is entitled to expect that the lock will function.You should at least practise standard securitu rules before implementing higher ones.
Here you go ..Could you show proven examples of these ? .and these services could be vulnerable (past proven )
Try to keep your comments professional, ill let that one slide, so you think that is a bad idea...that is ok you are entitled to your opinion,maybe I didnt explain the type of wizard.. I think that a simple questionnaire and rollback script is a reasonable approach, Im certainly not talking about a Quick set function....Don't be ridiculous. Wizard for hardening router ? Next step is formal explanation from Mikrotik, that this wizzard makes good magic and does not change prince into the frog as a side effect ?1) I would like to see a formal security policy from MikroTik and that there are formal software security review methodologies and practices in MikroTik.
......
-5f ) more of a wizard that hardens the default free for all defaults to a more sensible security centric defaults
BartoszP I disagree with your stance on this ...the onus is not on me to prove a point that the CIA have apparently proven already, or what the historic changelog does show... I simply want MikroTik and other software vendors to plan for the worst and hope for the best... (adopt security practices assuming their software is buggy and insecure) , not plan for the best and respond to the worst. (after the fact).
Could you please reset any Mikrotik router to "no configuration" and show all of us all security volunerabities. Just fix them and export such configuration as a gift "pro publico bono". Do not ask someone to do it as it seems that you know all "holes" in the ROS.
Hi Dynek thanks for your reply ... fair point... but turn the question on its head ... todayYou are saying this because you assume the hacker finding an exploit will not try to get the most he/she can out of it.Hi Dynek,How much are you willing to pay for that?2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik,
Did you notice Mikrotik is really cheap compared to competitors?
You can't ask a company to be low-priced and have the full package.
Thanks for your input, however, au Contraire, I think bug bounties are a very cost effective way of identifying and resolving issues in MikroTik, I think that paying out a few thousand for a vulnerability that is proven, and responsibly disclosed, based on MikroTik financial annual results I dont think it is out of their reach for them ... and look at the cost benefit,.. having a more secure os deployed along the entire userbase.
What if Mikrotik offers 3k for such an exploit while "someone" else offers 10k?
No one says you are wrong.ok we are in agreementYou have not answered my questions.
It is obvious that you have not said that as it is my statement. However you have not answered my questions.I never said thatHowever you do not want to accept simple fact: You should lock your home yourself and do not left doors and windows open.
.
You are entitled to expect that Mikrotik routers work same as these locks. Are you sure that all locks are safe ?yes... I agree with most of your sentiments, but if you buy a product like a door lock and you use it, a user is entitled to expect that the lock will function.You should at least practise standard securitu rules before implementing higher ones.
OMG ... ROS version less than 5.0 ... have you watched the video ? Cracker have logged into ROS via WWW with known password and then issued prepared http string .... do anyone use ROS < 5.0 ?Here you go ..
What's new in 6.24 (2014-Dec-23 13:38):
*) ntp - fixed vulnerabilities;
I had reported ssh remote exploit
http://seclists.org/fulldisclosure/2015/Mar/49
I am very professional. You are fan of "wizzards". Do you realy need to "click and click and click". Are you sure that this wizzard covers all problems ? Real admins use real keyboard ... it is a little quip ... or maybe not.Try to keep your comments professional, ill let that one slide, so you think that is a bad idea...that is ok you are entitled to your opinion,maybe I didnt explain the type of wizard.. I think that a simple questionnaire and rollback script is a reasonable approach, Im certainly not talking about a Quick set function...
but it would be useful to have a security-centric menu /wizard that allows one answer anumber of questions.. such as
do you use webbox?... NO ? ok would you like me to disable them for you ? ..
do you use the api?... NO ? ok would you like me to disable them for you ? ..
do you like sending stuff over cleartext over ftp telnet and api? ... NO ? ok would you like me to disable them for you ? ...
Instead wasting time for pompous writing just prepare script which closes all volunerable settings. Help save the World from CIA and NSA...
Im not looking for Magic, im looking for a reasoned approach to helping users reduce the attack surface of their router rather than having controls of services that listen for conenctions distributed across the entire menu system...
may I take your silence on all the other points I had raised as an implicit endorsement of those ideas ? ...BartoszP I disagree with your stance on this ...the onus is not on me to prove a point that the CIA have apparently proven already, or what the historic changelog does show... I simply want MikroTik and other software vendors to plan for the worst and hope for the best... (adopt security practices assuming their software is buggy and insecure) , not plan for the best and respond to the worst. (after the fact).
Could you please reset any Mikrotik router to "no configuration" and show all of us all security volunerabities. Just fix them and export such configuration as a gift "pro publico bono". Do not ask someone to do it as it seems that you know all "holes" in the ROS.
the reality for the user base is that is MT becomes more popular, the number of people and the motivation for hacking the software becomes even greater...
we have seen with other operating systems also.
Erm, yes. This is what is called a CSRF. What must be assumed here is that the call to change the password is issued by the very same user (the one that logs into the admin) without actually knowing the action that is being executed.have you watched the video ? Cracker have logged into ROS via WWW with known password and then issued prepared http string ....
Yes, i agree exploit might help to get inside system, but proper integrity checks will make impossible to obtain persistence.You guys should carefully rethink the definition of an exploit. RouterOS already has these checks! It does check also on upgrade. The definition of an exploit is that somebody has found a bug how to overcome or fool these checks.
So MikroTik makes new checks and more security wizards. This does not guarantee that another bug won't be made, opening a new exploit.
You are assuming that RouterOS has zero checks in place, which simply is not true.
what can I say I care.. and I hate forums... the fact im posting on it tells you how seriously I view the issue5 posts in a row is some kind of record in this forum smytht.
I see your point Macgaiver I appreciate your feedback... and i suppose ultimately we have different priorities... I think it doesnt have to be a zero sum game... resources into security rather than much needed improvements in ROS... however.. .I do think MikroTIk should invest more in security.. .plough back more profit for the sake of security... a more secure platform that users have more confidence in ...would be a more valuable platform... Mikrotik and its user base can win... long termMy bottom line is I do not see this issue as cause to start global revolution and i don't remember any other issues to do so. From business point of view and Time/Effort vs benefits wise your suggestion is close to "waste of time". Sorry!
That time should be used in New Linux Kernel integration (yes, ROuterOS v7) (autosolves LOTs of vulnerabilities) , new hardware (especially more powerful Wireless products) and better manuals.
Normis, Im not saying zero checks for a second.. Id like to think im fairer than that... .. but I have raised issues in the past...You guys should carefully rethink the definition of an exploit. RouterOS already has these checks! It does check also on upgrade. The definition of an exploit is that somebody has found a bug how to overcome or fool these checks.
So MikroTik makes new checks and more security wizards. This does not guarantee that another bug won't be made, opening a new exploit.
You are assuming that RouterOS has zero checks in place, which simply is not true.
Yes ... but it is for RouterOS earlier than 5.0.Erm, yes. This is what is called a CSRF. What must be assumed here is that the call to change the password is issued by the very same user (the one that logs into the admin) without actually knowing the action that is being executed.have you watched the video ? Cracker have logged into ROS via WWW with known password and then issued prepared http string ....
Cant we all just get along...Instead wasting time for pompous writing just prepare script which closes all volunerable settings. Help save the World from CIA and NSA
Really ? I see that you have changed discussion from "writing" to "negating". You are not even valiant to rate particular post negatively but you are doing it behind the scene where not too many people will ever glance at.Cant we all just get along...
Im discussing Ideas in practical sence giving examples where I can, and hoping for a positive discourse around these ideas, if you some how have misinterpreted my comments that is unfortunate,You are using big word, big ideas which we all have to agree with as they are true.
No one or almost no one, including me, do not say "It is totally wrong idea" to you but you expect all to say "YES, YES it is great idea, let implement it. Now".
If anyone is not fully with you, he/she is suspected to be against you and your idea. You make then following conclusions based on this.
Could you be so kind and help Mikrotik and us to secure our routers ?
You all the time use phrases: "it should be secured ... tools ought to be prepared ... checks have to be hardened ... ".
It is easy to say so. It is not your time which have to be spend on it. Who will pay for it ? I know ... raise prices of hardware to make HardenedROS.
Can you imagine that I (as I do not want say We, however IMHO many people could share my opinion) could live with current security level of ROS ? Maybe I do not want to pay more ?
Once more ... instead of writing such long posts PLEASE help to find holes in the default configuration of ROS and PLEASE prepare ROS hardening script for us. Do you know exploits which we should be aware of ? Do you know tools which could help us ? As these steps should be taken PLEASE start them.
Remember that this post it is not "fight" with you but with your "binary view" of security of ROS and the "it should be done ...." way of thinking.
A . Please make up your mind: "You sitll continue to attack my opinion" vs "Play the Ball not Man ..."Dont Take it Personally Im Not ... your tone says other wise I think you can conduct yourself better...
You sitll continue to attack my opinion rather than engage in proper discussion -3
lets agree to disagree on this one ... and let others suggest ideas for improving Mikrotik Security, this topic is bigger than your or my opinions and suggestions.. . free market of Ideas... I want to see more ideas on this thread I want to see where some of my ideas wont work if they wont work... and I want to see if other users agree with some of my ideas.. lets add the ideas to the pool and play positive... lets move onA . Please make up your mind: "You sitll continue to attack my opinion" vs "Play the Ball not Man ..."Dont Take it Personally Im Not ... your tone says other wise I think you can conduct yourself better...
You sitll continue to attack my opinion rather than engage in proper discussion -3
B. Your are taking it personally despite your asseveration and therefore I am rated -3. Not you.
C. Proper discussion seems to be this one you accept.
D. You should be aware of fact that English is not primary language for many users of this forum and you should be not too sensitive to particular words/sentences written by foreigners. Be more lenient.
A. Free market ? So why do you rate people not opinions ? They could be different than yours. It is forum, not your discourse.... free market of Ideas... and I want to see if other users agree with some of my ideas..
Bartosz You are a forum Moderator... how about being moderate... take a breath... deescalate, we have some disagreements, its ok to have them... this thread is not about you or me it is about Ideas and a response to a serious situation beyond our individual control but as users we can work together with our vendor and improve the situation for all.A. Free market ? So why do you rate people not opinions ? They could be different than yours. It is forum, not your discourse.... free market of Ideas... and I want to see if other users agree with some of my ideas..
B. If you want to see opinions about your ideas then you should do not be offened if someone does not think the way you do.
sounds interesting can you expand this on the libs / software in C++, any clues to the compilers used library versions...etcI know it's illegal, but i've reverse enigineered Mikrotik
And I can confirm, all this Nova stuff - they do care about security, most of intermediate libs/sw is writted by them in C++, and finding exploits surely is possible, but TAKES TIME AND MONEY, unlikely open-sourced UBNT products, as we saw in the past
Don't you think it is quite rude ? Is it worth "-3" to your reputation for symmetry ? You accuse me of beeing "not nice for you" but you do not see your own behaviour. You move discussion to areas totally not connected to technology to cover lack of more arguments than the obvious statement that "we need more security and it should be done" IMHO.Bartosz You are a forum Moderator... how about being moderate... take a breath... deescalate,
yeah you may have a Point... Lets return it to a technical discussion ... Ill work on my delivery, thanks,Just a note - this topic is officially successfully drowned by you two...
I hope that fact alone smytht indicate that your "method of delivery" seriously lacks something..
Have you heard Tom speak? I'm not sure that's English.You should be aware of fact that English is not primary language for many users of this forum
No Need to be like that cant we all just get along ...I think you best buy only equipment from that other vendor and leave us alone here...
LOL!I think you best buy only equipment from that other vendor and leave us alone here...
I see you posted a link to one of my articles - if there's anything you think I should add to it or clarify please let me know. Thanks!Even though a regular firewall (the default config, in fact) will protect you against the CIA malware, this is an excellent guide to follow for any public RouterOS device: https://www.manitonetworks.com/mikrotik ... -hardening
Thanks for that article!I see you posted a link to one of my articles - if there's anything you think I should add to it or clarify please let me know. Thanks!Even though a regular firewall (the default config, in fact) will protect you against the CIA malware, this is an excellent guide to follow for any public RouterOS device: https://www.manitonetworks.com/mikrotik ... -hardening