Vulnerability of SOHO routers becomes a topic of analyses by various security organizations almost every week. The 2017 Symantec report shows a year-on-year increase in the number of attacks on IoT devices by 600%. The most vulnerable are unsecured routers, which often make it possible to gain easy access to each connected device. The April’s alert from the official US-CERT also tells us of the growing number of these attacks and their severity.
The new product of the Turris router series is called MOX and it is conceived as a modular system. A number of additional modules can be connected to the basic CPU of the MOX A module, allowing the users to use only the features they need, without the peripherals they have no use for yet. And, of course, they will be able to extend the entire router in the future as necessary. Modules marked with letters A through E are now in the prototype stage, i.e. launching, testing of individual functions, but also fine-tuning the production process and preparation for serial production of thousands of devices. In this article, you will find out what prototype production looks like.
We are releasing dns-collector, an entry part of our pipeline for monitoring of our DNS servers and analysis of the DNS traffic. Together with advanced analysis of the collected data, we can not only monitor the DNS traffic for urgent problems, but also detect and examine long-term trends and issues (e.g. misconfiguration of other servers). We have presented this system at the IT 15.2 conference (video and slides in Czech).
There is no doubt that high school students use information and communication technology just as commonly as a toothbrush. Unfortunately, when it comes to security, there is really room for improvement. This was confirmed by the National Final of the second Czech Cyber Security Competition among high schools.
The history of introducing the DNSSEC technology in the CZ domain goes back more than a decade, and there have been several important changes during its course. For example, let’s look at the year 2010, which was literally packed with events related to the introduction of DNSSEC. First of all, the root zone was signed in July and right afterwards, the first KSK rotation with the change of algorithm among the top-level domains took place in the CZ domain in August. After eight years, we are going to repeat this “combo”, only in reverse order. There is a delayed first rotation of the root zone KSK (without altering the algorithm) scheduled in October. And in June we will perform the already announced KSK key rotation in the CZ domain, again with the change of the algorithm. This time, however, we will use the ECDSA algorithm based on elliptic curves — as the first top-level domain administrator.
Our second crowdfunding campaign for Turris routers will end in a week. The first one for Turris Omnia ended up being a phenomenal success. That time we set our target amount to USD 100,000. In 60 days, we collected an incredible USD 875,000, which was — and still is — the second highest amount collected in Czech campaigns. That’s why we figured that in the case of MOX we definitely cannot stay too close to the ground in order to maintain our trustworthiness. Eventually, we set the target amount to USD 250,000, which, compared to Omnia, looks like a low figure, but it is actually quite ambitious. This campaign is different in two important respects:
We’re proud to announce today that we teamed up with Nextcloud to bring our users a self-hosted private cloud. The Turris MOX: Cloud is ready-to-go bundle with our new optional USB expansion board with 4 USB 3.0, making a device capable of serving your data 24/7. Running on the MOX, Nextcloud gives you easy access to your photos, documents, calendars and contacts and much more through easy to use interfaces for web and mobile devices. With the Turris OS 4.0 update, any Turris system gains the ability to easily manage external drives and install Nextcloud. In the world of ever increasing security threats and privacy violations, hosting your own data is an urgent need and a private cloud makes it possible!
We launched the campaign for Turris MOX – modular and open source router. As modularity is something new in this field, some users are quite confused and don’t know what should they pick. This article is here to help you a little bit decide which combination is the right one for you and help you understand why would you actually want modularity.
Over past years, various DNS software developers tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension (RFC 6891 standard), by temporary workarounds, which aimed to lend their software an ability to temporarily accept various non-standard behaviors. Unfortunately, time has shown that this attitude of adding temporary workarounds is not a long-term solution, especially because the implementations not fully complying with standards were seemingly functional and there was no reason for a permanent fix. The result of these makeshift solutions is their accumulation in the DNS software, leading to a situation where there are so many of them that they themselves begin to cause problems. The most obvious problem is slower response to DNS queries and the impossibility to deploy new DNS protocol feature called DNS Cookies, which would help reduce DDoS attacks based on DNS protocol abuse.
Czech children under age 13 who use Facebook or Instagram are less than four months away from becoming lawbreakers. What makes the situation even worse is the fact that unless a law is passed by this May that would set the threshold for the use of social networking services to 13 years, from that point their use, along with other services, will become illegal for every person aged from 13 to 16 who does not obtain consent of their parents. This issue has already been addressed in our blog by our colleague Jiří Průša. But let’s go deeper.