bit-tech.net

Old 14th Oct 2013, 09:59   #1
Gareth Halfacree
WIIGII!
bit-tech Staff
 
D-Link routers contain back-door code, claims researcher

Joel puts a hole in D-Link's security.
http://www.bit-tech.net/news/hardwar...nk-back-door/1
__________________
Author, Raspberry Pi User Guide Third Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
Old 14th Oct 2013, 12:05   #2
mi1ez
Game Boy Modder
 
If you reverse the string it says "edit by [...]" rather than "edited by [...]"
__________________
The Angel Delights?
Old 14th Oct 2013, 12:09   #3
Gareth Halfacree
Hah! I'd written 'edit' the first time around, then when I was giving the article a final scan-through before publication I automatically corrected the grammar without a second thought. Fixed, ta!
Old 14th Oct 2013, 14:34   #4
Gareth Halfacree
I've updated the article with a brief comment from D-Link announcing that it will be patching the back-door by the end of the month, which fails to actually address any of the questions raised. I've pressed for clarification.
Old 14th Oct 2013, 14:56   #5
jrs77
theorycrafting
 
I'd guess that any modern device, be it a computer, a router or whatever has a backdoor implemented these days.
__________________
...and always remember, that the world is an orange!

Stop using your smartphone as much and look up!
Old 14th Oct 2013, 14:58   #6
Gareth Halfacree
Quote:
Originally Posted by jrs77
I'd guess that any modern device, be it a computer, a router or whatever has a backdoor implemented these days.
Trufax, but there are clever backdoors - "let's stick a cryptographic public key in there, and if our private key knocks open up a hole" - and dumb backdoors - "hey, let's open a hole when someone uses a plaintext string that appears in our easily-analysed and publicly-available firmware files as their user agent. THAT WON'T GO WRONG AT ALL."

(Although, in D-Link's defence, it took a fair few years for anyone to publicise the vulnerability - which isn't to say it hasn't been discovered and exploited by ne'er-do-wells clever enough to keep their new toy quiet in the past, of course.)
Old 14th Oct 2013, 15:37   #7
Krikkit
Super Moderator
Moderator
 
Blimey, that's a pretty embarrassing gaffe for such a major player in the router market these days. Could be very useful for people trying to open up their ISP's routers though.
__________________
The Good, The Bad, The Ugly, The Zlad!, The Wut?!, The Kempness
Old 14th Oct 2013, 22:14   #8
Alecto
Multimodder
 
Quote:
Originally Posted by jrs77
I'd guess that any modern device, be it a computer, a router or whatever has a backdoor implemented these days.
Well there's always the (free) alternative that works with a number of routers (and to be honest, those that are tied down by the manufacturers should be avoided anyway):

http://wiki.openwrt.org/doc/howto/build

You can build your own version after auditing the code.
Old 14th Oct 2013, 22:49   #9
sp4nky
BF3: Aardfrith WoT: McGubbins
 
Funnily enough, I've just taken delivery of a D-Link NAS. It's getting sent back now. Also, power cable was faulty but still, I'm now asking for a full refund instead of a replacement.
__________________
World of Tanks
Player name: McGubbins
Old 16th Oct 2013, 10:56   #10
Gareth Halfacree
D-Link has responded to my questions with a defence of the back-door code. There are still some outstanding issues to be addressed, however, including its apparent presence in DIR-615 routers - which aren't on the list of devices getting a firmware update it provided this morning.

Tags
back-door, backdoor, craig heffner, d-link, insecurity, network, networking, privacy, router, security, tactical network

All times are GMT +1. The time now is 19:38.