For many home users, the router-slash-firewall at the edge of their network plays a vital security role.
It acts as a stockade to keep crooks on the internet at arm's length, typically blocking inbound network connections by default.
It shields the internal layout of the network from outside observers.
It probably also serves as a wireless access point for the household, and thus bears the responsibility of preventing random passers-by from jumping online and getting up to mischief at someone else's expense.
In a word, your SoHo router is important.
So it is always alarming to read about sloppy programming in the firmware that ships with this sort of device.
Late last year, we wrote about "Joel's Backdoor," a misfeature in some D-Link routers which would have been a great joke, if only the side-effects hadn't been so serious.
Joel's bug was that if you told your browser to identify itself as xmlset_roodkcab*leoj28840ybtide (read it backwards!) instead of, say, Mozilla or AppleWebKit, then many D-Link routers would skip the need for a password.
Unauthenticated administrative access, just like that!
http://securityaffairs.co/wordpress/...-backdoor.html