Backdoor Found In Arcadyan-based Wi-Fi Routers 59
Mojo66 writes "A recently reported flaw that allowed an attacker to drastically reduce the number of attempts needed to guess the WPS PIN of a wireless router isn't necessary for some Arcadyan based routers anymore. According to German computer publisher Heise, some 100,000 routers of type Speedport W921V, W504V and W723V are affected in Germany alone. (Google translation, original here.) What makes things worse is the fact that in order to exploit the backdoor, no button has to be pushed on the device itself and on some of the affected routers, the backdoor PIN ("12345670") is still working even after WPS has been disabled by the user. The only currently known remedy for those models is to disable Wi-Fi altogether. Since all Arcadyan routers share the same software platform, more models might be affected."
Duff link (Score:4, Insightful)
Duff link to the translation.
Editors? Firehose? What, precisely, is the point of having them?
Legal Liability? (Score:5, Insightful)
Are hardware and software companies going to be taken down by lawsuits over failed security?
Probably not because they write the EULAs, as in, "You use the product at your own risk." type language.
But when the companies leave the door completely unlocked, that is akin to negligence which should not be covered by a EULA. I have never read a EULA (nearly impossible to read by the way) that said "We are not responsible for making it trivail to hack our devices, you are."
I tried to read a Microsoft EULA one time and before I was 25% through, they disconnected me because I "timed out", having failed to read what was easily over 50 pages in about 10 minutes or so.
Sick.