News D-Link confirms, defends router back-door code

Fair enough. You can't catch everything... although in a new product: come on guys! Get it done.

 

ohh the irony.

 

What the hell are they talking about?

The "failsafe" is the reset button on the back of the router (that requires hardware access). Period. This whole argument is completely ********.

This was NEVER a standard approach. Any proper router EVER has always used a physical override for any cases involving forgotten passwords, etc.. The very fact that it presents this on the WAN facing side just goes to show they have no interest in customer security at all.

 

^^this

 

I don't think my DSL 2740R has this issue according to the report.

Don't think I'm going to google backdoor vulnerability though.

 

The backwards pass phrase of "edit by 04882 joel backdoor" in lovely plain text is so obviously a developer hack introduced during some phase of firmware development. It should never have been left in and they know it. If it was a genuine backdoor they would have used a completely random string or a combination of entry vectors.... this is just a hack. Anyone who's ever coded anything can see it for what it is.

Somewhere there is a guy called Joel trying to keep a very low profile!

D-Link should have just fessed up. I wonder if Joel is still with them he's now in a much higher position?

 

Couple of months ago( after reading an article ) I was able to view the live code(firmware) running on my router, albeit in assembly lang, the text strings were obvious, the debugger I was using has a nice feature where it lists all the $trings found in a given piece of code, a string containing the word 'backdoor' would be very eye catching.

Honesty is such an underrated quality ...trying to spin the truth just make things worse & further damages their credibility.

 

Along with honour, compassion, integrity, humanity and a string of other itys.

 

Given the choice, I'd never buy a D-Link router..... Here's why