Wednesday, May 25, 2005
Yet another hardware box with a security bug
This time it's DSL routers from D-Link. The problem is a little esoteric. Like everything these days, the boxes from D-Link that plug into your phone line for DSL are little computers. Naturally enough, there's a way to reprogram them to add features or fix bugs. Unfortunately, for the D-Link boxes, it's possible to reprogram them over the Internet without the owner's permission. Oops.
The D-Link bug is rated as a low risk because it would take a lot of know-how to change how the box behaves. It might be possible to trash the box and make it useless but these days the bad guys are in it for money and not for pointless destruction.
None of your usual security measures will help because all of them are on the other side of the D-Link box from where the attacks might happen. D-Link told the guy who discovered the problem that they released a fix: the guy who discovered the problems says the fix doesn't work.
This problem, you can probably live with. Just stay alert to the fact that any of those "appliance" boxes may need to be updated or replaced someday.
|
The D-Link bug is rated as a low risk because it would take a lot of know-how to change how the box behaves. It might be possible to trash the box and make it useless but these days the bad guys are in it for money and not for pointless destruction.
None of your usual security measures will help because all of them are on the other side of the D-Link box from where the attacks might happen. D-Link told the guy who discovered the problem that they released a fix: the guy who discovered the problems says the fix doesn't work.
This problem, you can probably live with. Just stay alert to the fact that any of those "appliance" boxes may need to be updated or replaced someday.
# posted by Frederick @ 9:40 PM Email to a friend:
Haloscan: they provide trackback