TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.
The Lone Star State's Attorney General, Ken Paxton, is filing the lawsuit against California-based TP-Link Systems Inc., which was originally founded in China, accusing it of deceptively marketing its networking devices and alleging that its security practices and China-based affiliations allowed Chinese state-sponsored actors to access devices in the homes of American consumers.
Anyone who has ever ordered something from Amazon that looked like a good deal, only to discover that the photos weren't exactly depicting what you got - you know that the People's Republic of Chine (a.k.s. PRD, a.k.a. Red China a.k.a. West Taiwan) has a very different (dare we say "predatory") concept of truth in advertising than we do on these shores.
Me, I wouldn't buy one of these things on a dare. FYI, they are something like 60% of the market because they're cheap.
This post is the fourth in a series on how to make your home network harder to attack. Here are links to posts one, two, and three.
Now you might think the question in the post title is a bit strange - after all, these are you devices, so you'd think that they're all trustworthy. You'd be wrong. There are at a minimum two different categories of trustworthiness:
Your main computing devices. These are computers (duh) such as laptops and desktop computers, servers (a future post will talk about why these can be useful to you, and your cell phones (which are nothing but tiny hand held computers).
Now I've been in security for long enough that I get a bit twitchy about mobile phone security (I'll address this in a future post as well). However, that ship has sailed and even a security nerd like me won't bother making a separate network just for these. So they're computing devices for this discussion.
Then there's everything else. It's surprising how any Internet-connected thingies there are these days. Ring doorbells, Nest thermostats, online appliances (fridges, washing machines, etc). At this point the Borepatch from four years ago would have told you to just walk away from all this nonsense. Don't Internet-enable anything in this category.
Today's Borepatch sighs and tells you that this is coming to a home near yours. It's here in my home. No, not the thermostat (which was installed by the previous owner and which I have not connected to the WiFi). However, the TVs all come with streaming apps for Netflix, Prime, and Youtube (among dozens of others). And The Queen Of The World reminds me that the kids like to stream when they come and visit. She likes it when they come and visit, as do I. And so we have to do something for these devices.
Fortunately, you don't need any new kit to do this. If you remember from the last post on water tight compartments, you don't own the Internet box from your network provider. Basically, you can't trust it, so you install a new firewall box running DD-WRT. It's trustworthy because you own it and have your own software and configuration on it.
All of your main computing devices connect to it's WiFi. All of the other devices (doorbells, thermostats, TVs, appliances) connect to the WiFi from your network provider's box.
What you've done is to put a firewall between your computing devices and your untrusted devices. It doesn't matter if your TV gets hacked because it can't get through your DD-WRT firewall to your computers.
Likewise, your TV is at least somewhat protected from the outside world because it's behind the firewall in your network provider's box.
This post is the third in a series on how to make your home network harder to attack. Here are links to posts one and two.
Post two introduces the concept of a Firewall which is a device that lets you connect to the Internet without letting the Internet connect to you. Firewall technology comes embedded in your Internet provider's device like a Cable TV modem. A recent article does a comparison on a number of these devices.
If you look at the device it will look a lot like this:
The red colored connection goes out to the Internet, the yellow ones go to your devices (as does the Wifi). This one has a connection for a landline telephone as well (ask your parents, kids).
Installing the device is really simple - red (labeled "WAN") goes to the outside which is untrusted, and yellow/WiFi go to your own devices which are trusted.
Except nothing is as simple as that. Your Internet provider actually owns the firewall device, it's not really yours. Some providers run their own WiFi network for other subscribers who happen to be passing by - Verizon is notorious for this, and you will often find all sorts of WiFi networks called "VerizonXYZ" or some such.
So who is outside the firewall, and who is inside? The question may sound pedantic but it's terribly important. Fortunately there is something you can do about this.
Ships used to sink all the time but this is pretty rare these days. One major reason for this is that they are divided into compartments which are watertight - if the ship hits a rock (or, like the Andrea Doria gets rammed by another ship) only one compartment will flood and the ship can likely make it to port.
USS South Dakota under construction
The network security analog of this idea is to use more than one firewall. Don't trust your provider's firewall? (and you really shouldn't) Buy your own and hook it up to your provider's firewall. The red (WAN) port on your firewall gets connected to the internal (yellow) connector on the provider firewall. Now anyone that the firewall lets in can't get past your firewall.
And it really is your firewall, although you'll have to buy it with cash money. But your devices connect to your firewall's yellow network connections, or to your firewall's (NOT your provider's firewall) WiFi.
Now you don't have to trust your provider because their device doesn't have access to your internal "watertight compartment".
Linksys, Netgear, and TP-Link are low cost options, running $30 - $70 or so.
The first thing you should do is replace your firewall's operating system with dd-wrt:
DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used.
Here's a step by step tutorial on how to install dd-wrt on a Netgear device:
[UPDATE: Rick T in the comments says to check the dd-wrt website before buying a device, to make sure that the software supports that particular hardware.]
Why go to this hassle? Product longevity. Consider a $60 Netgear device. The profit margin on this to Netgear is probably $5. You can't pay for a lot of enhancements or security bug fixes with that. DD-wrt is an open source project with a bunch of passionate contributors. I like my chances on having a viable, supported software five years down the road with them. Not so much the device manufacturers.
So now you have a device you can trust for the long term. We're not done yet, because there's all sorts of new tech evil that people want to use - Ring doorbells, Alexa, etc. That's tomorrow.
Forget about the Internet and security for a moment - you already own something with a firewall. Your car has one between the engine and the passenger compartment, even if your car isn't a sweet 1969 Dodge Charger.
The firewall in your car is designed to contain engine fires to the engine compartment, not letting the flames spread to the passengers. Firewalls have been around cars for a long, long time - certainly since the 1930s, and probably a lot longer.
Now back to the Internet and security. Internet firewalls are designed to keep bad things (and Bad Guys) out of your network, so they don't burn down all your devices. Yes, I stretched that metaphor, but that's exactly where the name came from.
An old Internet wag once described a firewall as a device that "keeps the bad guys out while letting the good guys out". That's a really good description. Internet firewalls have been around for basically as long as there has been an Internet, say from around 1990. The technology is very well understood, and very mature. That's the good news.
The bad news is that there are a million ways to set up your firewall so it's more full of holes than Swiss cheese. This post will try to help you avoid this.
More good news: your Internet Provider almost certainly has a firewall capability in hte box that gives you Internet access. For example, if you get Internet via cable TV, you have not only a cable box that changes channels, you have a separate box that gives Internet. That thing has a firewall built in, so yay.
You an check this yourself via a web site that I've linked to a number of times over the years, Steve Gibson's Gibson Research. You should see something that looks like this:
Green is good.
So what went on when you ran that? There are a bunch of Internet services like web, email, and so on. Each uses a "port" - email is 25, web is 80, there are a bunch of others. What Gibson's app did was to try to connect to all of these posts on your IP address. Ideally, your firewall (like mine) dropped these connections in the trash can.
So from a first cut, your firewall is letting you out onto the Internet (so you can read this, hello!) but keeping the Bad Guys out.
But the devil is in the details of how we (and our devices) use the Internet. The next post in this series will explore this: Secure Your Home Network: Can (and should) you trust your devices?
This is the beginning of a new series about what (mostly) non-technical readers can do to lock down their home networks to a decent level of security. I need to start with some caveats here:
It's pretty easy to protect yourself from "script kiddies" (Bad Guys who just use canned exploits without knowing much (or anything) about you or your home network. Hopefully the posts in this series will make you, if not impervious to, at least unreasonably difficult for these attackers.
It's harder to protect yourself from a knowledgeable and determined attacker. Someone with skill, time, and motivation to attack you is a dangerous opponent. Hopefully the posts in this series will increase the required time, skill, and motivation needed for these Bad Guys to succeed. Basically, it raises the cost for them to attack you which is A Good Thing.
At the end of the day, you can't protect yourself from NSA or FSB (the KGB successor organization). Or the Chinese, who are quite active and skilled. Even keeping them from sniffing out your traffic is really, really hard. If you think that any of these organizations are likely to want to access your computers, then you should unplug from the 'Net right now. Not kidding.
So if you're interested in this kind of thing, and are willing to spend a nominal amount of time and money to raise the bar on your home network security, follow along on this series of posts.
Tomorrow's post: What is a Firewall and why do you care?
Dad (who was a history professor) liked to say that History repeats itself because nobody listens the first time. I get an incredible sense of deja vu all over again looking at Mitre's list of top 25 exploits for 2025.
The top 4 are all very, very old. I myself demonstrated #4 when I taught a computer security class (with corporate IT Security present) back in 1994. That's three decades ago.
Numbers 3, 6, and 22 are web server vulnerabilities that are over 20 years old, and I've posted about them before.
17, 19, and 21 have been known since before I was in this industry. Call it the 1980s, although it's likely older.
I guess it's nice to see a shout-out to DoS (number 25) although geez, this is depressing.
So that's half the list having been known for literally multiple decades. So what gives?
I blame Agile Software Development. I guess I'm the cranky old guy yelling at the sky here, because this is how all software is developed these days. Product Managers (my old field) are to blame here, having spent the last 20 or 30 years pushing Go Ugly Early - get working product shipping as soon as possible and let customers tell you how to improve it. Essentially, a lot of what you would have the developers spend their time fixing are things that customers just don't care about.
This has led to a pushback of sorts from software professionals, particularly the Software Craftsmanship movement. Their manifesto is interesting:
As aspiring Software Craftsmen we are raising the bar of professional software development by practicing it and helping others learn the craft. Through this work we have come to value:
Not only working software, but also well-crafted software
Not only responding to change, but also steadily adding value
Not only individuals and interactions, but also a community of professionals
Not only customer collaboration, but also productive partnerships
So what's missing from this? How about don't keep making the same dumb security mistakes that people have been making for decades?
And what do Product Managers miss in their rush to go ugly early? How about don't keep making the same dumb security mistakes that people have been making for decades?
And so here we are. The IT infrastructure of the 21st Century has been constructed out of moonbeams and cotton candy.
I don't see anything changing here, as the incentive structures are all stacked against good security.
Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security, these pernicious plug-ins have been harvesting the text of chatbot conversations from more than 8 million people and sending them back to the developers.
The four seemingly helpful extensions are Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. They're distributed via the Chrome Web Store and Microsoft Edge Add-ons, but include code designed to capture and transmit browser-based interactions with popular AI tools.
I believe that the very first of Borepatch's Laws of Security - from way, way back in 2008 - was "Free Download" is Internet-speak for "Open your mouth and close your eyes".
This is perhaps a niche security topic, but some of you are as niche as me:
The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.
Danielle Hillmer, 53, of Chantilly, Virginia, is accused of deceiving auditors over the capabilities of a service the government commissioned in 2017.
Although it is only referred to as Company A in the court documents, Hillmer claimed to work for Big Four consulting firm Accenture during the stated timeline, according to a now-deleted LinkedIn account.
The US alleges that between March 2020 and November 2021, Hillmer obstructed federal auditors and falsely represented the security of the company's cloud platform, which was used by other government customers beyond the Army.
Perhaps not security per se, but this raises the question of just how much do you trust the audit process?
Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.
The firm offered that advice last week in a new advisory titled “Cybersecurity Must Block AI Browsers for Now,” in which research VP Dennis Xu, senior director analyst Evgeny Mirolyubov, and VP analyst John Watts observe “Default AI browser settings prioritize user experience over security.”
Gartner’s fears about the agentic capabilities of AI browser relate to their susceptibility to “indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.”
The authors also suggest that employees “might be tempted to use AI browsers and automate certain tasks that are mandatory, repetitive, and less interesting” and imagine some instructing an AI browser to complete their mandatory cybersecurity training sessions. [Highlighting mine - Borepatch]
The highlighted bit is a very clever way to get attention from IT departments. Not only will it irritate the IT Security team but it will focus the Risk Management team on potential loss of SOC2 compliance. This is a very Gartner way of getting eyeballs from the CISO and CIO. Like I said, clever.
Poetic framing achieved an average jailbreak success rate of 62% for hand-crafted poems and approximately 43% for meta-prompt conversions (compared to non-poetic baselines), substantially outperforming non-poetic baselines and revealing a systematic vulnerability across model families and safety training approaches.
Whoops. Looks, this is a new class of attack (seriously, I've been in this biz for a long time and have never seen weaponized verse before), so maybe we need to cut folks some slack here. But I'm somewhat less inclined to do so with AI's track record of falling for 30 year old attacks.
In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.
The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.
This is very interesting, and is very bad news. This is one heck of a tool:
In Phase 1, the human operators chose the relevant targets (for example, the company or government agency to be infiltrated). They then developed an attack framework—a system built to autonomously compromise a chosen target with little human involvement.
Essentially, this is the cyberpunk version of "fire and forget" weaponry. The only thing that would be more ironic is if they had a Clippy front end ...
Nation-state goons and cybercrime rings are experimenting with Gemini to develop a "Thinking Robot" malware module that can rewrite its own code to avoid detection, and build an AI agent that tracks enemies' behavior, according to Google Threat Intelligence Group.
In its most recentAI Threat Tracker, published Wednesday, the Chocolate Factory says it observed a shift in adversarial behavior over the past year.
Attackers are no longer just using Gemini for productivity gains - things like translating and tailoring phishing lures, looking up information about surveillance targets, using AI for tech support, and writing some software scripts. They are also trialing AI-enabled malware in their operations, we're told.
It seems that the Bad Guys are using all the old malware tricks (obfuscation, hidden files, etc) plus some new ones (sending commands via LLM prompts, i.e. the malware queries (prompts) other LLMs to get commands.
The security model for AI/LLM is hopelessly broken, and the design is defective. I mean heck - the designers didn't consider two decade old attack techniques. I don't know if it's correct to label this broken as designed but it's not far off. This is software engineering malpractice.
I can't wait to see what happens with this and one of Elon's humanoid robots ...
Germany's infosec office (BSI) is sounding the alarm after finding that 92 percent of the nation's Exchange boxes are still running out-of-support software, a fortnight after Microsoft axed versions 2016 and 2019.
Alternate title: 90% of German firms fail their SOC 2 audit. Look, this isn't landing a man on the moon, and you had a whole year. You just couldn't be bothered.
Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.
Prompt injection occurs when something causes text that the user didn't write to become commands for an AI bot. Direct prompt injection happens when unwanted text gets entered at the point of prompt input, while indirect injection happens when content, such as a web page or PDF that the bot has been asked to summarize, contains hidden commands that AI then follows as if the user had entered them.
This is unbelievably bad. How bad? This bad:
Last week, researchers at Brave browser published a report detailing indirect prompt injection vulns they found in the Comet and Fellou browsers. For Comet, the testers added instructions as unreadable text inside an image on a web page, and for Fellou they simply wrote the instructions into the text of a web page.
When the browsers were asked to summarize these pages – something a user might do – they followed the instructions by opening Gmail, grabbing the subject line of the user's most recent email message, and then appending that data as the query string of another URL to a website that the researchers controlled. If the website were run by crims, they'd be able to collect user data with it.
Surely they must be exaggerating, I hear you say. Nope - the author of the post at El Reg recreated the exploit his very own self, simply by creating a web page with the commands hidden in it. FYI, that's 1996 technology right there.
Now look, I may be an old crabby security geezer (no comments, Glen Filthie!) but the problem of sanitizing user input is a really old one. So old that it was old when XKCD did it's classic "Bobby Tables" cartoon:
There have been over 3000 XKCD cartoons; that one was number 327. Yeah, that long ago.
My opinion about anything regarding AI is that the hype is so fierce that the people developing the applications don't really focus much on security, because security is hard and it would slow down the release cadence. And so exploits that wouldn't have surprised anyone back in 2010 keep popping up.
Le sigh. Once again, security isn't an afterthought, it wasn't thought of at all. My recommendation is not to touch these turkeys with a 100' pole.
Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on.
Researchers at the US AI firm, working with the UK AI Security Institute, Alan Turing Institute, and other academic institutions,saidtoday that it takes only 250 specially crafted documents to force a generative AI model to spit out gibberish when presented with a certain trigger phrase.
For those unfamiliar with AI poisoning, it's an attack that relies on introducing malicious information into AI training datasets that convinces them to return, say,faulty code snippetsor exfiltrate sensitive data.
The common assumption about poisoning attacks, Anthropic noted, was that an attacker had to control a certain percentage of model training data in order to make a poisoning attack successful, but their trials show that's not the case in the slightest - at least for one particular kind of attack.
...
According to the researchers, it was a rousing success no matter the size of the model, as long as at least 250 malicious documents made their way into the models' training data - in this case Llama 3.1, GPT 3.5-Turbo, and open-source Pythia models.
Security companies using AI to generate security code need to pay close attention to this. Probably everybody else, too.
UPDATE 23 OCTOBER 2025 13:08: More here. It looks like solutions may prove elusive.
This is interesting even if it follows what we've seen for all security technologies since, well, forever:
Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.
And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things—hopefully before the baddies take advantage.
summary and prediction
Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer.
After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.
So basically it will be a shooting gallery for now with sanity restored later. I'm somewhat optimistic of AI as a back-end tool (i.e. no user input) to run a set of interesting but more or less canned queries. User input sanitization issues basically disappear at that point.
This was in fact my first thought: Smells like a State Actor.
Having thought about it, I suspect it is linked to the PRC, but "outsourced" to US-based Bad Guys. This seems a business (selling infrastructure to send out floods of voice mail spam). It looks like the guys who ran this also let people swat folks they didn't like. In fact, this is how they got caught because one of the victims was a Congressman.
And so a lack of Opsec led to compromise of the whole system. Cry me a river.
And Lawrence has a great suggestion:
If theses SIM farms are active, there should be ways for telecomms to algorithmically search for mobile call hotspots where too many calls issue from too small an area. Let’s hope they’re doing that and working with various U.S. three letter agencies to shut them down right now.
Theattackinvolves hiding prompt instructions in a pdf file—white text on a white background—that tell the LLM to collect confidential data and then send it to the attackers.
...
The fundamental problem is that the LLMcan’t differentiatebetween authorized commands and untrusted data. So when it encounters that malicious pdf, it just executes the embedded commands. And since it has (1) access to private data, and (2) the ability to communicate externally, it can fulfill the attacker’s requests. I’llrepeat myself:
This kind of thing should make everybody stop and really think before deploying any AI agents. We simply don’t know to defend against these attacks. We have zero agentic AI systems that are secure against these attacks. Any AI that is working in an adversarial environment—and by this I mean that it may encounter untrusted training data or input—is vulnerable to prompt injection. It’s an existential problem that, near as I can tell, most people developing these technologies are just pretending isn’t there.
Essentially, this means that AI is simply not fit for purpose. And clearly, it's not even a little bit "intelligent", security-wise.
This seems like a story that should have gotten a lot more attention than it has. “Secret Service Dismantles Weaponized SIM Farms Designed To ‘Shut Down’ NYC Cell Networks.”
Hours before President Donald Trump’s address to the United Nations General Assembly, the U.S. Secret Service announced that it had dismantled a massive, decentralized SIM farm network, just 35 miles from New York City, hidden inside five abandoned apartment buildings. The telecommunications stealth weapon was capable of paralyzing regional cell networks through denial-of-service attacks.
My first instinct was that this was a State Actor prepping some sort of cyber attack. Now I think it's a Phone Spam datacenter:
SIM farms allow “bulk messaging at a speed and volume that would be impossible for an individual user,” one telecoms industry source, who asked not to be named due to the sensitivity of the Secret Service’s investigation, told WIRED. “The technology behind these farms makes them highly flexible—SIMs can be rotated to bypass detection systems, traffic can be geographically masked, and accounts can be made to look like they’re coming from genuine users.”
Bastards. 95% of all the calls I get are along the lines of "You have been pre-approved ...". I don't even answer a call where I don't recognize the number anymore.
Glen Filthie left a comment asking what I like for vendors providing good phone security. I replied:
I think that
Apple is much more serious about their customer's privacy than Google
is. Apple has repeatedly told governments to get bent when they demand
encryption backdoors; Google seemingly couldn't care less.
Also, I
think that Apple's update model is superior (it certainly was just a
few years ago; I don't get the sense that this is a big area of concern
to Google).
Your mileage may vary, void where prohibited, do not remove tag under penalty of law.
Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.
The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16. It's due to an out-of-bounds write vulnerability in libimagecodec.quram.so, a parsing library used to process image formats on Samsung devices, which remote attackers can abuse to execute malicious code.
"Samsung was notified that an exploit for this issue has existed in the wild," the electronics giant noted in itsSeptember security update.
Note that you get this patch from Samsung, not Google. Samsung is the phone handset manufacturer, and has customized the (Google supplied) Android OS so they rolled the patch. Now customizing the OS isn't bad per se, but it's fair to ask who has a better security group: Apple or Samsung. Same question for Motorola and all the Android phone vendors.
So I like my chances better with Apple, at least for security. And notice that this is only looking at the patching cadence. Apple has a history of standing up to governments who ask for encryption backdoors (by my count this is the US.gov, the UK.gov, and the EU.gov). Each time, Apple told them not just "no" but "Hell, no".
Once again, your mileage may vary, void where prohibited, do not remove tag under penalty of law. But Glen did ask.
_under_construction,_1_April_1940.jpg)
