1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News D-Link confirms, defends router back-door code

Discussion in 'Article Discussion' started by Gareth Halfacree, 16 Oct 2013.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    13,765
    Likes Received:
    2,758
  2. law99

    law99 Custom User Title

    Joined:
    24 Sep 2009
    Posts:
    2,382
    Likes Received:
    59
    Fair enough. You can't catch everything... although in a new product: come on guys! Get it done.
     
  3. tuk

    tuk Don't Tase Me, Bro!

    Joined:
    28 Oct 2012
    Posts:
    493
    Likes Received:
    10
    ohh the irony.
     
  4. Wolfe

    Wolfe New Member

    Joined:
    7 Sep 2003
    Posts:
    776
    Likes Received:
    1
    What the hell are they talking about?

    The "failsafe" is the reset button on the back of the router (that requires hardware access). Period. This whole argument is completely ********.

    This was NEVER a standard approach. Any proper router EVER has always used a physical override for any cases involving forgotten passwords, etc.. The very fact that it presents this on the WAN facing side just goes to show they have no interest in customer security at all.
     
    tuk likes this.
  5. tuk

    tuk Don't Tase Me, Bro!

    Joined:
    28 Oct 2012
    Posts:
    493
    Likes Received:
    10
    ^^this
     
  6. CrapBag

    CrapBag Well-Known Member

    Joined:
    17 Jul 2008
    Posts:
    7,675
    Likes Received:
    379
    I don't think my DSL 2740R has this issue according to the report.

    Don't think I'm going to google backdoor vulnerability though.
     
  7. Guinevere

    Guinevere Mega Mom

    Joined:
    8 May 2010
    Posts:
    2,484
    Likes Received:
    176
    The backwards pass phrase of "edit by 04882 joel backdoor" in lovely plain text is so obviously a developer hack introduced during some phase of firmware development. It should never have been left in and they know it. If it was a genuine backdoor they would have used a completely random string or a combination of entry vectors.... this is just a hack. Anyone who's ever coded anything can see it for what it is.

    Somewhere there is a guy called Joel trying to keep a very low profile!

    D-Link should have just fessed up. I wonder if Joel is still with them he's now in a much higher position?
     
  8. tuk

    tuk Don't Tase Me, Bro!

    Joined:
    28 Oct 2012
    Posts:
    493
    Likes Received:
    10
    Couple of months ago( after reading an article ) I was able to view the live code(firmware) running on my router, albeit in assembly lang, the text strings were obvious, the debugger I was using has a nice feature where it lists all the $trings found in a given piece of code, a string containing the word 'backdoor' would be very eye catching.

    :D

    Honesty is such an underrated quality ...trying to spin the truth just make things worse & further damages their credibility.
     
  9. Guinevere

    Guinevere Mega Mom

    Joined:
    8 May 2010
    Posts:
    2,484
    Likes Received:
    176
    Along with honour, compassion, integrity, humanity and a string of other itys.
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    13,765
    Likes Received:
    2,758
    Little update: D-Link has claimed the DIR-615 isn't vulnerable to the back-door, despite some users claiming otherwise, so it won't be getting an updated firmware.
     
  11. B1GBUD

    B1GBUD ¯\_(ツ)_/¯ Accidentally Funny

    Joined:
    29 May 2008
    Posts:
    3,374
    Likes Received:
    434
    Given the choice, I'd never buy a D-Link router..... Here's why
     

Share This Page