Language Selection

English French German Italian Portuguese Spanish

Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under
Hardware
Security
Legal

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

Read more

More in Tux Machines

Kaspersky Lab Announces Security solution for Tizen-based Internet of Things

Russia-based Kaspersky Lab has announced that it has developed security solutions for mobile devices and Internet of Things (IOT) running on the Tizen operating system. IOT has emerged as one of the fastest growing areas of the IT market and based on projections from various research institutions and IT companies around the world, the Internet of Things (IOT) infrastructure will integrate around 200 billion devices worldwide comprising smartphones, computers, household appliances, automobiles and several electronic items. Read more

My Mom Runs Linux!

People are coming to Linux in droves these days. They each have their own reasons. It could be a desire to get out from under the thumb of proprietary software’s limitations, privacy concerns or just plain old economics. Some of them find a whole new world of computing happiness and others walk away frustrated. Why is that? How you approach learning something new usually will determine just how successful you are at learning it. It’s all about attitude. Learning is a journey and those who cling to the fear of not reaching a pleasant destination usually quit before they start and stay right where they are. Those who are born with an innate curiosity and a sense of adventure often find that learning something new brings great rewards. Thus, they are constantly looking for new things to learn. It’s the naturally curious ones who tend to do well with Linux. If you sit a child in front of a Linux computer, they usually just start using it. It’s an amazing thing to watch. Kids are curious by nature and they also have the added advantage of not having any preconceived notions when it comes to how a computer ought to work. I have found, on the other hand, that the hardest kind of person to teach Linux is the crusty old Windows power user. They are lost from the start and tend to get easily frustrated when they come across something they don’t understand. Their outbursts of anger can be quite animated! The Internet’s public forums are full of vitriol flung at the Linux Community by these sorts of folks. I learned a long time ago that the best way to deal with them is to simply ignore them. The psychological reasons for their bitter negativity are beyond my expertise to deal with, therefore, I don’t. What I try to do is focus on the positive and help folks who want to learn. Read more Also: Windows 10 Might Soon Track Absolutely Everything You Do for Your Own Good

FreeBSD 11.0 Final Release ISO Images Available For Download

The Final Release of FreeBSD 11.0 is scheduled for Wednesday, September 28, 2016. However, the release builds have started to appear on FreeBSD’s FTP mirrors and you can download the final ISO right now. Read more

Android Leftovers