Backdoor Discovered In Netgear and Linkys Routers 189
An anonymous reader writes "A hacker has found a backdoor in the Linksys WAG200G router, that gives access to the admin panel without authentication. Further research shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others maybe affected as well. From the article: 'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'"
not exclusively local (Score:5, Informative)
http://www.shodanhq.com/search?q=port%3A32764
Re:not exclusively local (Score:4, Insightful)
Which part of "Made in the USA" did you not understand?
Re: (Score:2)
The NSA helpfully checks all hardware coming into the country, and makes sure you only get backdoored by an American agency/corporation.
Re: (Score:2)
The first half of that would be helpful, actually...
(If it were true, anyway.)
Re: (Score:2)
You're right, but while Askey, Asus, Cameo, Delta Networks, Foxconn, Senao, SerComm et al probaly add their own backdoors as well, the Netgear and Lynksys NSA channels are homegrown.
Isn't it wonderful? Two major powers both mucking around in the same router for clandestine purposes.
Re: (Score:2)
What? "This is not a router" --- "it has a built-in router" .... So you mean, it can't possibly be a router if it has other functions? It *IS* a DSL Router, no doubt about it.
OpenBSD (Score:4, Informative)
Thank goodness for OpenBSD [openbsd.org] and a bit of elbow grease.
Re: (Score:2)
But if you want to use your mobile phone with your own wifi router, you still have to give the phone the user password, which then ends up being backed up on some server elsewhere, if it isn't snaffled by some Google wi-fi surveillance vehicle.
Re: (Score:2)
Re: (Score:2)
Every tech company works with the NSA. I don't need proof, because it's the only safe assumption to make. If any tech company isn't happy about that, the onus is on them to prove that they don't.
Re: (Score:3)
Every tech company works with the NSA. I don't need proof, because it's the only safe assumption to make. If any tech company isn't happy about that, the onus is on them to prove that they don't.
And since you can't prove a negative, your self sustaining paranoia will remain steadfastly intact. Might want to loosen your tin foil hat a bit. It's cutting off circulation to one or more organs.
Re: (Score:2)
Though FreeBSD based, and easy to set up, m0n0wall ftw. Running on an Alix board it hasn't been rebooted since I bought the router hardware five years ago. Though it has been unplugged for wire "maintenance" a few times and the blackout from hurricane Sandy. Other than those few planned and unplanned power downs, its simple, easy to use and Rock solid.
I have also ran its protégé, pfSense at work where it proved to be very reliable and had a boatload of features compared to m0n0wall.
Re:OpenBSD (Score:5, Informative)
For example, my own setup has OpenBSD acting as a router/NAT/etc. box. For guests there is a wifi network it broadcasts and routes only to the world. Also has a VLAN for DMZ, outside accessible services, etc.
It's not name dropping if it's true.
Re: (Score:3)
I have thought of doing an OpenBSD router of some sort. The idea of having a full blown computer as a router does seem to be a bit overkill for me. This brings up an interesting question. Why have we not seen more router devices with all of the hardware a router needs built in, including ethernet ports, but which is designed to make it easy for the user to install their own open source/free OS on of their choice such as *BSD or Linux. Or does such a thing already exist? yes I know some people work oin getti
Re: (Score:2)
so? buy your own small box and install openbsd. any x-86/alpha/sparc will do. People still run it on pentium-2 class machines or smaller.
Basically the cheapest you can find is good enough, for home use as a router/firewall/etc.
The most expensive "cheap" you can get! (Score:5, Insightful)
Dear lord, I hate it when neckbeards such as yourself talk about how a full PC running OpenBSD or Linux is somehow the "cheap" option compared to a goddamn $40 home router. You make the entire IT profession seem like a bunch of blithering idiots.
Most civilized people don't have Alphas, SPARCs or even old PCs lying around. They'll end up paying more than $40 to acquire such a system, too.
Since most people have several devices on their home network these days, including wireless devices, they'll again need to buy several cabled network cards and at least one wireless network card. You're looking at $100 or more, depending on the type and number of network cards you need to buy.
Then they'll have to waste time setting up this system. If they don't already have experience with installing and configuring OpenBSD and Linux, they'll waste even more time. Good luck getting the wireless network card working! That can be a real battle under Linux, and absolute hell under OpenBSD, even for experienced sysadmins. Anyone with a real job paying a real salary or billing rate will be out hundreds of dollars.
If they manage to get this far, probably spending several hundred dollars getting the equipment in the first place, and then potentially spending at least a day (but likely far more) setting it up, then they'll have to actually start using it. This involves leaving a full computer running 24/7, likely consuming a large amount of power (especially if it's the outdated workstation or PCs that you're advocating). Electricity is quite expensive in many areas.
Way to go, neckbeard. Your "cheap" option only costs $600 or more, just to do the same job that a $40 home router can do. And that's ignoring the ongoing cost of running the system, which depending on local electricity rates can cost a few hundred dollars more per year. The $40 home router will consume a comparatively insignificant amount of electricity, likely costing less than $10 a year even in areas with extremely high electricity prices.
It's so hard to take you seriously when you advocate spending 10 or 20 times as much on some custom Linux or OpenBSD router than it'd cost to buy a cheap home router.
Re: (Score:2)
I never said cheapest. If you are interested in setting up a home network, securely. For less than $200, you can have a soekris box (http://soekris.com/products/net4501-1.html) and you're good to go. If you need extra ports, you can always get a switch.
Also, there is a cost to learning, and that is time and effort. If you are not willing to take the time and spend the effort to do things securely and you come to slashdot bitching about it, perhaps you do deserve to get pwned.
Re: (Score:2)
So now you've gone from advocating "pentium-2 class machines or smaller" to a $200 486?!
I'm sure an OpenBSD router is great and all, but there's got to be a cheaper way to do it. At least suggest some little $50 ARM computer or a mini-ITX PC with a low-wattage CPU or something!
Re: (Score:2)
Sure. Why not.
power makes that expensive (Score:5, Insightful)
Re: (Score:2)
Comment removed (Score:5, Insightful)
Re:OpenBSD (Score:4, Interesting)
As a bonus you can work in another unix and get some skill there.
Re: (Score:2)
wrt54gL is made for diy (Score:4, Informative)
> Or does such a thing already exist?
The wrt54gL (L for Linux) is an example of such a device. The early versions of wrt54g were popular with people using openWRT and such of course. Recognizing this, the company released a version specifically for nerds.
I'd love to see some other, more up-to-date options. I have some projects that would fit nicely in several MBs of RAM, without necessarily needing all the ports. A Raspberry Pi would work, but a beefed up WRT would be better.
Re: (Score:2)
Big fan of the asus RT-65U. The third party firmware gives you great control via GUI, or full shell access.
That said, I don't know what to make of the trust matrix.
Re: (Score:2)
Welcome to the 21st century. They are all full blown computers now. They all have the grunt to run a BSD, ulinux or something of similar scale.
Re: (Score:2)
Any of the plug computers. http://www.globalscaletechnologies.com/ [globalscal...logies.com]
Re: OpenBSD (Score:5, Informative)
Small comment.
I have a Netgear router with Tomato running on it with over 730 days of uptime!
Real Estate (Score:3)
"Well I would move, but that would wreak my uptime..."
Re: (Score:2)
probably the linksys hardware. As the parent mentioned the solution is a good Buffalo Router. I have run dd wrt on my buffalo for over a year at a clip and still going strong about 9 years out now.
Re: (Score:2)
(802.11ac had come out when I replaced it, but I didn't have enough money for one of those.)
I'm not dissing OpenWRT, I just haven't tried it yet.
Re: (Score:3)
Re: (Score:2, Offtopic)
and 'busy' people are often the ones throwing away their money because they choose not to attempt anything that might have even the slightest learning curve and/or time commitment to it..
There's no free lunch, but that doesn't mean the negatives always outweigh the positives when choosing the less-traveled path.
Re: (Score:2)
Like others, the only box between my fios connection and my network is my openbsd box. If you don't know how, well, time to learn, little grasshopper.
malware = local (Score:5, Informative)
Then the compromised computer is used to modify the DNS settings.
Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.
Re:malware = local (Score:5, Interesting)
Not even that. If dicking around with the port caused a hard reset of the router, who knows what would happen if you got someone to click on this link [192.168.1.1]. (or set it as an img tag for automatic fun)
Re:malware = local (Score:5, Funny)
Not even that. If dicking around with the port caused a hard reset of the router, who knows what would happen if you got someone to click on this link [192.168.1.1]. (or set it as an img tag for automatic fun)
I think that's a bad link. Every time I click on it, I can't reach the internet for a few minutes.
Re: (Score:2)
...only if you set your router to be 192.168.1.1 - which I carefully avoided. :)
But I got your point nevertheless
Re:malware = local (Score:5, Insightful)
Attacking the router from inside the network is only a matter of infecting a computer inside the network.
Then the compromised computer is used to modify the DNS settings.
Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.
If you can already infect inside computers, do you really need to hack the router?
Re: malware = local (Score:2)
Re: (Score:3)
The first computer is compromised via email spam, spearfishing, drive-by browser vulnerability, etc. That computer is the beachhead for the attack on the router.
The router is then used to compromise all the other computers on the network. DNS is the easiest way. When the other users attempt to access URL's for Microsoft Outlook webmail, bank accounts, etc. the router misdirects them to fake websites that capture their login
Re: (Score:2)
I don't use the DHCP and DNS proxy services on the router. Beats me why anybody would. I run them on a BeagleBone which has so far shown five nines reliability, much more power and flexibility, and no vulnerabilities. The cost is about $50 up front and under 3 watts of AC power.
Re: (Score:2)
I don't use the DHCP and DNS proxy services on the router. Beats me why anybody would. I run them on a BeagleBone which has so far shown five nines reliability, much more power and flexibility, and no vulnerabilities. The cost is about $50 up front and under 3 watts of AC power.
You know, for $30 (or less!) you could get a pogoplug series 4 and run debian on it. And it has USB3. That's the complete package with case and power supply. You could use an earlier pogo, but the newer ones have SD slots.
Personally, I use the DNS on my router, which is a Linksys WRT54G of some sort. But it's running Tomato. Any nerd worth their salt is doing the same or similar, if not building an appliance from scratch. There's just no cheaper way, though, than to use a WAP you got at a yard sale. I've ye
Re: (Score:2)
Yes. Most of the time you may not get root on the infected device. Or the device will be some limited piece of crap. With an attack like this it is a stepping stone to get every device on the network under your control. Many computers will firewall themselves off from other devices on the network, yet allow some communications with the router. Also, most home routers provide DNS to the client computers.
Re:malware = local (Score:5, Interesting)
If you can already infect inside computers, do you really need to hack the router?
Two major upsides: hitting the router is a handy way to turn an exploit of a single machine into a position for eavesdropping and/or DNS attacking every device on the network. Odds are good that the one you exploited directly isn't the only one, and the others may be harder targets from the outside. Plus, the router is a handy 'bastion' for re-infection and persistence in case the luckless user finally ditches or wipes his worm farm of a system. Unless you screw it up, badly, most people are barely aware that routers contain software at all, so odds are excellent that they won't be getting rid of you in the near future...
Re:malware = local (Score:5, Interesting)
This is exactly what happened with Apple a couple of years ago. The DNS Changer virus
http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml [f-secure.com]
It infected OSX machines and logged in the users router using the biggest "back door": admin/password. Then it changed to some DNS servers in Russia, and any device on the network was getting redirected to death to all sorts of sites.
Yes, this is a big back door, but no bigger than the admin/password admin/admin default credentials that 99% of people never changed. Thankfully, these days the routers come with better defaults.
Damn those Linkys routers (Score:2)
Oh wait, if anyone edited this shit instead of piling more images and whatever else Dice's marketing team deems "awesome and revolutionary to leverage for Slashdot," this might be a reputable god-damned tech news site anymore.
Typo in subject (Score:2)
(insert expected comment about how Slashdot editors... don't).
It is LinkSys, not Linkys.
Although "Linky" seems almost appropriate, considering that's what routers do!
great. typo in the title. (Score:5, Informative)
"Linkys". because details are for samzenpussies.
this is getting annoying enough.
So much for competition (Score:5, Insightful)
"Linksys (...) devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin (...)"
It reminds me that scary graph where half a dozen companies control almost all the stuff you see on supermarket shelves.
I remember reading nice fairy tales in school about open markets, and fair and diverse competition being paramount to the western economic model...
Re:So much for competition (Score:5, Insightful)
That fairy tale stopped existing once companies could buy the laws they need to create barriers to entry.
Re: (Score:2)
That fairy tale stopped existing once companies could buy the laws they need to create barriers to entry.
. . . . like Corporate Charters, for instance.
Re: (Score:2)
. . . . like Corporate Charters, for instance.
Most Americans don't realize that the country got by on its first hundred years with no permanent corporations. JD Rockefeller found the right price.
Re: (Score:3)
Most Americans don't realize that the country got by on its first hundred years with no permanent corporations. JD Rockefeller found the right price.
Jingoism is a terrible thing. If I tell people that corporations should not exist unless they serve the public good, they often call me a communist. But that's precisely what corporations originally had to do, at least in theory, in order to be granted incorporation.
Re: (Score:2)
Re: (Score:2)
"Linksys (...) devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin (...)"
It reminds me that scary graph where half a dozen companies control almost all the stuff you see on supermarket shelves. I remember reading nice fairy tales in school about open markets, and fair and diverse competition being paramount to the western economic model...
Sorta like these conglomerates? Just to name a few :)
Re: (Score:2)
Don't forget:
http://www.mondelezinternational.com/brand-family [mondelezin...tional.com]
Re: (Score:2)
Re: (Score:2)
the non tech enduser will (once again) see personal or financial information compromised, or will participate in yet another botnet. It's public now, but nobody knows how much this has been exploited as zero day. Replace router/firmware with 'car' and we would see class action lawsuits as never before.
If it were a car there would be a manufacturer recall. If the problem was discovered in the first decade, after that people would be expected to take care of it on their own.
Device makers should be better behaved to do recalls for stuff like this, maybe they should be forced to, I don't know.
These non tech enduers need to stop getting a free pass too though. "herp derp, gee I didn't know I needed to check for patches and updates, set a non-default password, and have some kind of port filtering" just can't
Re: (Score:2)
Oh. There's a problem with your market? Sounds like the job for The Invisible Hand! Invisible Hand will fix it!
Re:So much for competition (Score:4, Insightful)
Oh. There's a problem with your market? Sounds like the job for The Invisible Hand! Invisible Hand will fix it!
Sorry, the Invisible Hand is unavailable for comment. It's been bound, gagged (handcuffed?), indefinitely detained and sent to Gitmo for questioning by the State.
similar problem in 2004 (Score:2, Informative)
I did a web search for "linksys router backdoor" and this story was one of the top results:
http://news.techworld.com/security/1682/critical-flaws-in-linksys-and-netgear-kit/
"...a hard-wired user account with a known password. Any user with access to a LAN with an affected WG602 device connected to it would be able to gain full administrator access to the device..."
Huawei at least have a password... (Score:5, Interesting)
You can telnet into most Huawei/Vodafone DSL modems with admin/{VF-}[Countrycode]hg[ModelId] through the ethernet port...
This wasn't the NSA! (Score:4, Funny)
Their backdoors are implemented at much higher quality level.
Re: (Score:2)
Why just log from an isp/telco level when you can get much closer?
Is this really a vulnerability or a feature? (Score:4, Informative)
There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, it's MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.
It seems like this guy stumbled upon a similar feature.
Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.
Re:Is this really a vulnerability or a feature? (Score:5, Insightful)
To add to the above, I see the WNDR3700 is specifically reported as not being vulnerable to the open port he found on some of the older models. I know for a fact (because I owned one), that the WNDR3700 is one of the models that requires the magic packet to open the telnet port, further leading me to believe he found a poorly documented (but not unknown) feature that should have been much more visible and better protected by default, rather than something more akin to a backdoor (after all, you have to be on the LAN side to use it).
Re: (Score:2)
Right, because all the computers on the LAN are completely invulnerable.
If you have a system inside your LAN able to construct whatever network communications it wants to any internal device it might as well be running metasploit at that point and don't think a dinky old consumer grade WiFi router will be protecting you then.
Re: (Score:2)
If you have a system inside your LAN able to construct whatever network communications it wants to any internal device it might as well be running metasploit at that point and don't think a dinky old consumer grade WiFi router will be protecting you then.
When your sketchy friend/coworker/apartment-maintenance-guy[1] is visiting the home, the computers you are most worried about may not be powered on or present (your primary laptop). The infiltrator running metasploit would then not be able to get very far unless metasploit owned the wifi router (or other device). But one would hope that if many 'dinky old consumer grade wifi routers' were vulnerable to metasploit, we'd be hearing more about it in the news. Presuming the consumer grade routers are at leas
Re: (Score:2)
http://the.honoluluadvertiser.com/article/2004/Feb/05/ln/ln01a.html [honoluluadvertiser.com]
"FBI asks computer shops to help fight cybercrime"
"Each member of the computer crime squad is given a list of local businesses, Laanui said, with the idea of establishing a working relationship with all of them."
The snooping aspect may cover many local people who have the ability to 'walk' around a wide selection of suburban homes and commercial areas at "random" and report back.
Re: (Score:2)
That's a retarded way to think.
Lets imagine a LAN for a moment, where they hosts cannot talk to each other (host isolation), but they can talk to the router, then to the internet at large.
The router provides them DHCP and DNS.
You are host $B running secureXos.
Host $C running insecureBrowser has a cross site forgery attack that changes DNS on the router via an exploit.
A few days later host $B renews their DHCP lease and gets new DNS.
Host $B visits 'slashdot.org' only it's a imitation site designed to capture
Re: (Score:2)
There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, it's MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.
It seems like this guy stumbled upon a similar feature.
Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.
Why is a method to log into the router without any password not classified as a "vulnerability"? If I let my roommate's sketchy friend plug his laptop into the ethernet network because I don't trust him with the Wifi password, I wouldn't expect him to be able to telnet into to my wifi router without a password.
Re: (Score:2)
This method is for helping non techies. Tell non techie: following this 4 steps to fix your router: telnet , name, password etc etc. It is always the same to make tech support easier.
I understand why having no password or the same password for everyone is easier for tech support - this is the same reasoning that led Wifi router manufacturers to have the routerr default to an open network with no encryption -- much fewer support calls from people that don't know their WEP or WPA key.
But that doesn't mean that it's not a security vulnerability.
Re:Is this really a vulnerability or a feature? (Score:5, Insightful)
Oh wow. Your inside network doesn't touch the outside network? You don't visit websites? You do not run javascript on your browsers? You personally scan each piece of javascript to make sure it cannot get your IP address (yes it can), your gateway (yes it can) and send packets to your gateway (yes it can)?
Seriously, if you don't know what you're talking about, lurk and learn.
And default username/passwords means that malicious javascript can be very very simple indeed.
Your kind of thinking is why we have so much insecurity on the Internet. Please update and upgrade your skills.
Re: (Score:2)
Of course there is a risk there, that's probably why in newer models they require a magic packet in the first place. Can JavaScript in a browser construct such a magic packet? As far as I know it can only create TCP connections.
I didn't say Netgear secured this thing well, did I? I was merely pointing out that this was likely not an NSA backdoor, and had already been "improved" in newer models.
At least I felt like I contributed to the discussion. You, on the other hand, were just being a dick.
Re:Is this really a vulnerability or a feature? (Score:4, Insightful)
You understand that most of the botnets out there are the result of someone clicking on a link and visiting a site that had malicious code embedded in it (ActiveX/JavaScript)?
While JavaScript might not natively be able to send a hand crafted magic packet, it can *take over your system* - which then allows it to download and install rootkits and other stuff - one of which can doing the magic packet tickling.
You said:
Yes, this stuff should be better protected, but it's not necessarily a vulnerability.
*AND YOU ARE VERY VERY WRONG* I want to say this in the nicest way I can - if you are propagating wrong information, you should be stopped. If you think you are correct, you need to be corrected. If you think this is being a dick, I apologize, but you are still wrong, and you are still spreading bad information. Learn and improve your knowledge. Think things through.
Think about it - the programmers who should know better thought the same as you. And as a result, now millions of routers are vulnerable, and open to being exploited. Every week, we see tons of news about basic infrastructure being insecure. Because no one said "that's a fucking stupid idea, don't do it" because saying that means they're being a dick.
And Dell PowerEdges (Score:2)
this is a simple start (Score:2)
While it's not a very big issue, it's a start... and all good things start with simple steps ...
given it's been going on for a while, now the ball is rolling and the public is learning
it's up to someone smarter than me to figure out how to get these little back doors
more into the public eye.
Backdoor requires local network access? (Score:2)
You mean like how any web page with javascript? It's not that difficult to get $ethX and get the gateway, which will probably be the router. Ooops, it's now fully available to the attacker on the outside world.
Hmmm (Score:2)
There an interesting video the other day http://boingboing.net/2013/12/31/jacob-appelbaums-must-watch.html [boingboing.net] I believe he mentions the NSA and hacking wireless routers, perhaps they created it.
additional several router models are susceptible to a hack so easy it's ridiculous, namely adding a certain user agent string to your browser lets you in.
I personally don't use wireless at home any longer,
RVS4000, too (Score:2)
So much for "business class" routers/firewalls, and it wasn't on the list.
I've got a couple of old computers around. Time, again, to build my own. Another plus is that local DHCP addrersses will show up in DNS.
Any device that's not updated (Score:4, Insightful)
These back doors may exist in new devices, but any older device is likely to have a back door. If the vendor updates the devices at all, they usually stop doing that shortly after they stop sales of the device. Your perfectly fine WiFi router or DSL box will most likely have vulnerabilities on it that make it just as insecure as these new devices.
I actively check my DSL router and I know my ISP and several security minded customers do the same. Any WiFi router in my home runs a modified Linux distribution like Tomato, openWRT or DD-WRT that is actively maintained. While it's bad that A-brand companies evidently don't do this this the stuff they buy from other vendors, most devices in the field are just as vulnerable as these boxes are, simply because they don't get updates.
Burning vendors for selling insecure devices is good practice to get this problem solved. Burning them for not being responsible for their sale and updating or liberating the devices they sold should be just as normal as burning them for new equipment. You can't expect people to buy a new device every year simply because the vendor refuses responsibility once it's left their factory.
LinkSys (Cisco) sucks Microsoft balls (Score:2)
Backdoors and more... I recently purchased a LinkSys and could not access the web interface unless a Windows machine was present on my network. I verified this my starting a Windows VM on the linux host where I was running my web browser. With the Windows VM running, my web browser (linux) could access the LinkSys. Without the Windows VM running, my web browser (linux) could NOT access the LinkSys. Once I got DD-WRT installed, problem fixed.
Re:Return to vendor (Score:4, Interesting)
Get a refund. This shit must cost them or it will never stop.
On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?
Re:Return to vendor (Score:5, Insightful)
On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?
Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentional. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).
Re: (Score:2)
On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?
Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentional. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).
You're excused.
Unless it's a published interface that they meant to be exploited that way, it can still be classified as a bug.
bug [wikipedia.org]:
A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, or in frameworks and operating systems used by such programs
Re:Return to vendor (Score:5, Insightful)
The free dictionary:
http://www.thefreedictionary.com/back+door [thefreedictionary.com]
Noun 2. back door - an undocumented way to get access to a computer system or the data it containsback door - an undocumented way to get access to a computer system or the data it contains
backdoor
access code, access - a code (a series of characters or digits) that must be entered in some way (typed or dialed or spoken) to get the use of something (a telephone line or a computer or a local area network etc.)
Oxford:
http://www.oxforddictionaries.com/us/definition/american_english/back-door [oxforddictionaries.com]
noun
the door or entrance at the back of a building.
a feature or defect of a computer system that allows surreptitious unauthorized access to data.
So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly dont think it is unintended, a mistake, or an error. That means it does not fit your definition.
Note: Bold was added by me, and I did search other online dictionaries, most did not have definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Miriam-Websters, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.
Re: (Score:2)
The free dictionary:
http://www.thefreedictionary.com/back+door [thefreedictionary.com]
...
Oxford:
http://www.oxforddictionaries.com/us/definition/american_english/back-door [oxforddictionaries.com]
So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly dont think it is unintended, a mistake, or an error. That means it does not fit your definition.
Note: Bold was added by me, and I did search other online dictionaries, most did not have definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Miriam-Websters, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.
You don't understand, I'm not saying that it's not a back door, nor that it's not a big glaring security whole, I'd even agree with someone that said it's irresponsible.
But there's no reason why it can't be all of those things *and* still be called a bug -- they are not mutually exclusive.
It could have even been coded that way intentionally to integrate with other software or for diagnostics or whatever and it would *still* be a bug if the functionality can be exploited for other means.
Re: (Score:2)
Enough with the sophistry. A backdoor is not a bug. It is intentional, not accidental. If you have to call it by a computerish name, call it malware. It does after all cause unwanted and malicious behavior. A device with a backdoor is defective by design and abuses the customer's trust in a way that can not be remedied by a patch.
You can call it anything you like, but if you expect to return it and get a refund, you're going to have to come up with a better reason than "The software does something it's not supposed to, I want a refund". As long as the software/hardware does reasonably what it's supposed to, the manufacturer is unlikely to grant a refund, especially a year or more after purchase. If a security vulnerability (even a big gaping one) was sufficient to get a refund, no one would pay for any software, they'd just use it
Oh please... (Score:2)
"The product does something by design which I, the purchaser, was not made sufficiently aware of at time of purchase. Had I known that this product was designed to operate in this way I would not have purchased it. The vendor made no effort to advise purchasers of this functionality, which adversely affects users of the product."
Re: (Score:2)
Small claims court. Learn it, live it, love it. This shit fails the merchantability and fitness implied warranty [thefreedictionary.com].
Use the crumbs the legal system does afford the poor fumb duck consumer before shrugging and excusing evil and incompetence on the part of capitalist ripoff artists.
Re: (Score:2)
"The software is maliciously designed to attack me." How about that?
(Actually, a refund shouldn't even be sufficient. The appropriate response is more along the lines of criminal prosecution!)
Re: (Score:2)
Re: (Score:2)
And if/when they create such a patch and apply it the product will no longer be defective. But today, it IS defective.
Telling the buyer to duck tape it is not the same as not being defective.
Re:DSL? (Score:5, Insightful)
Who has that anymore?
People that don't want to give any money to a cable company and want to give as little money as possible to the AT&T monopoly, and would rather have their money go to a friendly CLEC [sonic.net]. I gave up my 50mbit Comcast cable internet connection for a 14mbit DSL connection because several times a week, packet loss would go through the roof and throughput would slow to a crawl on the Comcast connection, while the DSL provider has been rock solid.
Re: (Score:2)
Also, even with fibre to the curb/cabinet, which I've had in both Finland and the UK, both involve DSL modems for the final copper link. In Finland, it was an off-the-shelf VDSL2 device, but in the UK I use BT, and I didn't pay enough attention.
Also, the older ADSL modems are widely used in China still - though I think Metropolitan Area Networks are becoming more popular undoubtedly involving local fibre connections (I had a symmetric 10BaseT connection in my flat when I lived here ~10 years ago and it only
Re: (Score:2)
You would need to get between then 'house' and the exchange or telco http://en.wikipedia.org/wiki/Digital_loop_carrier [wikipedia.org]
With this method you would be free of any skilled unique ethernet packet logging after the 'modem' in the home network.
The main win for this would be the speed offered locally. While your real packets are still finding that best effort or dedicated loop out of your state, country the "wiretap" has won the networking race.
A cheap version of MINERALIZE
Re: (Score:2)
Turn in your nerd card with that zoom crap. Next you'll be posting photos of zyxel gear.
Re: (Score:2)