I haven't seen mention of it on any actual news sites yet, but there's been some #tangodown messages from social media accounts supposedly controlled by Lizard Squad that are at the very least worth raising an eyebrow at. Since massive DDoS attacks have been their signature move against all of their high-profile targets (Sony, Microsoft, Blizzard, etc), which is what's happening to these routers rather then an actual sophisticated attack, and I'm currently looking at a facebook account of theirs that makes mention of an impending #tangodown that was posted a good 48 hours before North Korea went offline, I'd say this is just as likely if not even more likely then some kind of state-sponsored retaliation by the CIA/NSA/FBI/whatever.

Speaking as an attendee, I thought the neatest feature covered in the presentation itself that I haven't seen many articles covering this touch on was a rather ambitious development goal Marc Rogers spoke to for about the last 15 minutes of their talk at Defcon. In addition to all of the security features the firmware is capable of doing, as well as having the ability to enable/disable specific features based on your needs and limitations of whatever hardware you flash it onto, the team's long-term goal is for the router to have an engine that is capable of examining the wan side of it's connections and, based on the potential security risks it identifies on the connection, make smart recommendations about which specific features a user should be using to ensure maximum privacy. Having a large suite of tools available is awesome and all, but when you're talking about running it on a pocket-sized piece of hardware you're going to be limited by the amount of horsepower and on-board memory of the hardware pretty severely. Thus, having an engine that can make smart recommendations for non-technical people that have a strong need for this level of anonymity like journalists or political dissidents is an absolutely huge feature and IMO trumps everything else this project can do.

I worked for Charter as a tier 3 tech support specialist about 10 years ago now, and towards the end of my time there we were trained in a program called "Purchase Power". It started off as something that everyone on the phones, regardless of position or nature of the call, was "encouraged" to do and basically involved reviewing all the services on the account with the customer and point out changes that could be made to save them money, like bundle services they already had going, point out promotional rates, etc. After a month or so of this, it was turned into a non-optional thing that consisted of roughly 50% of the call score when it came to review time. If a rep in any department didn't at least make an attempt to review services with a customer calling in for any reason, it had the potential to result in a write-up if it happened in a call that was randomly pulled during a performance review since it was impossible to receive a "passing" call score under this system unless these guidelines were adhered to. "Service reviews" quickly became sales as the requirements were again modified to include trying to sell new services. "Overcome the customer's objections" was, verbatim, a category that calls were graded on during reviews. This posed an extremely.. interesting.. challenge for my team as the higher-tier support staff were dealing primarily with repeat issues that the lower-tier teams had failed to diagnose properly or fix properly. And yet we were expected to try to sell higher speed internet connections, HBO, phone service, or anything else to these customers that were calling in repeatedly because the service they already had were not working for sometimes months at a time. Not long after I left for a new position that didn't make me feel like a sleazy car salesman on a daily basis, I learned that my entire team ended up getting dissolved and the people that hadn't already voluntarily left were given the choice of moving into other departments (customer retention or sales, primarily), or to go be successful elsewhere. So now, in our region at least, there is no tier 2 or tier 3 tech support out there to this day.

The most sickening part of all of this though, from the perspective of someone who worked with it first-hand, was the internal fervor behind refusing to call Purchase Power a sales program. It was always about "satisfying" the customer, calling it a sales program was extremely taboo even in internal conversation among employees, and telling customers about the program, calling it by name, or telling them we were "required" to do it was an offense that could lead to termination.

From my experiences dealing with other telcos as a customer over the years, I've heard the telltale signs of this breed of training from reps in almost all of them. What starts as an innocent "lets take a look at the services you have with us" is the opening line these programs train their reps to use, which will soon be followed by inquiring about what you like or use the most with the services, highlighting some other service or bundle you don't have, "overcoming the customer's objections", and then trying to sell you something. I've heard it from Charter, AT&T, and Time Warner first-hand and I know from my own personal experience that this has been a trend in the industry at-large for at least a decade now.

For something that large, and presumably something you may not want certain organizations with 4-letter acronyms that end in 'AA' to be able to subpoena a 3rd party and gain access to without your knowledge, build your own redundancy. It may cost more upfront, but ultimately building a second raid array on separate hardware and using an automated process like DRBD to keep them in sync seems like the most sane approach.

Nothing like a good old-fashioned witch hunt spurred on by the likes of 60 Minutes to start off a Monday morning. Next thing we know, Snowden will be some kind of closeted pervert who likes to kick puppies.

The recent availability of the patch is hardly reason to believe that everyone's already deployed it, which is I'm sure why there's still so much secrecy surrounding this.