General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsYour D-Link router may have a backdoor
NSA-inspired paranoia within the hacker community about the pervasiveness of the governments power to compromise equipment may be bearing real fruit.
A curious computer security professional published findings Saturday that deconstructed the firmware code for some D-Link router devices and discovered a backdoor built directly into the code. By changing the user-agent in a web browser to xmlset_roodkcableoj28840ybtide, a user could bypass the security on the device and get online or control the higher functions of the router.
The hackers at devtts0.com say models DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 use the compromised firmware.
Note the name of the user-agent needed to bypass the router security, spelled backward: edit by 04882 joel backdoor.
D-Links international headquarters are located in Taipei, Taiwan, Republic of China.
http://www.rawstory.com/rs/2013/10/13/your-d-link-wireless-router-may-have-a-backdoor/
JesterCS
(1,827 posts)Fumesucker
(45,851 posts)I have four routers around here with DD-WRT on them.
lumberjack_jeff
(33,224 posts)bemildred
(90,061 posts)This doesn't look like NSA work to me.
whttevrr
(2,345 posts)Especially with all the numbering systems: CPU, NIC/MAC, IP, etc., it all is used to uniquely identify one point on the internet to the next. For information to travel from one place to another, each place would need to be identified. It is the very nature of the beast. Keeping logs of those connections is standard operating procedure for troubleshooting, pricing, and whatever else is deemed necessary.
Phone logs have been kept since... ever? The 70's at least. In the beginning the logs were probably the phone company keeping track of the phones connecting to their modems. With ISP's taken over by cable or any other industry, it makes sense to log all the traffic for at minimum a decent troubleshooting starting point and a cost analysis of traffic. It is a trivial step to add on to the data mining from there.
The expectation of privacy while interacting on the web through a commercial entity is naive at best. Caller ID should have tipped people off that there is no privacy except in the privacy of volume. Individuals are noise on the line in the aggregate. But if an individual endpoint is focused on, all connections become transparent.
It's just the way the internet works. In order to get information from one place to the other, each place needs to be uniquely identified by a distinct path. Logging that path is inevitable.
klyon
(1,697 posts)Bored yet.
Or maybe you are ready to come over from the dark side.
GreenStormCloud
(12,072 posts)They needed a way to bill for long-distance calls. Back in the day of manual connections the woman at the switchboard knew who was calling whom.