I hope this kind of contest makes manufacturers pay more attention. http://arstechnica.com/security/201...ng-contest-aims-to-test-home-router-security/ http://www.theregister.co.uk/2014/07/18/sohopelessly_broken_to_air_router_dirty_zero_day_laundry/
One router I ordered was shipped with a dual logon. It's not something normal computer users would have noted, and I barely did. The security in home routers has been bad forever, and we are shipped new junk like WPS and telnet enabled by default. Personally I have to guess that they are made weak on purpose. WPA2 with a 63 char max and junk like that are also sent. Why always settle for the weakest encryption that is seen as "not totally broken" when computers have no issues handling really strong encryption? People also connect their cellphones to their wireless; this is a sure way to have it broken.
I'm thinking any that are OpenWRT supported: http://wiki.openwrt.org/toh/start Also https://openwireless.org/router/download Or I suppose there's always the option to build a small PC and throw Linux or OpenBSD on it, and that'd be the best. But I doubt I'd even want to mess around doing that.
You have no security at home unless you run a custom OS that is highly stripped of junk code, but stay away from wireless if possible. I like to believe that OpenWRT and similar open-source solutions aren't as bad as most of the stuff you get sent home. I suggest that you roll with several guest internets (with only one activated at a time) to prevent them from breaking the very weak WPA2 encryption junk. Have it say: on Monday use this SSID and this unique 63 char password, on Tuesday use some other SSID and this unique 63 char password, on Wednesday use this SSID and this unique 63 char password, and so on (or better yet, have it change SSID and password each hour or more; this will make it a hassle for most home hackers using BackTrack and they will go for the neighbor's net instead. Also use MAC address filtering even though it's weak, and disable telnet and any junk you won't use). Wireless WPS, WEP, WPA, WPA2 are publicly broken. But you can at least do some things to try and secure it. Go for AES and re-roll/change the keys/SSIDs as often as possible; this will make it less of a risk if someone close is trying to break the encryption. Or better yet, read up on networking and consider going for a corporate setup.
I'm beginning to think that a virtual router on a stripped-down VirtualBox host might be the more secure option. If something does compromise the virtual router, reloading the original image fixes it.
With so many users regarding NAT and routers as the equivalent of an inbound firewall, I have to wonder how many have been totally owned and never knew it.
Linksys Patches (Most) Routers Running SMART Wi-Fi Firmware http://threatpost.com/linksys-patches-most-routers-running-smart-wi-fi-firmware/109146