I realize it's a bit unorthodox to create a whole thread for this sort of thing, but here we go.
If you use a D-Link router between you and the Internet (and really, where else would you use one?) then you may want to switch to something else until this gets fixed.
Glad I'm a) not running a D-Link and b) am actually running Tomato on my router anyway.
#4
GasBandit
I've read somewhere else this only becomes an issue if you have remote administration on and/or wifi enabled with no security. So I've turned those things off on our router here at work. It'll be a short term inconvenience, however, until I'm either allowed to replace it or D-Link does a firmware patch (which is supposed to happen at the end of October, they say).
#5
Eriol
I can think of a better idea for doing what they needed to do in FIVE MINUTES! Supposedly it is so other binaries on the router can do "admin" stuff easily. OK then. So to satisfy that: Generate an administrative user/password with randomly generated name AND password as soon as the router gets connected to the internet, and do it based on the current time along with an auto-assigned DNS name and/or router name if it gets one. (If you do it otherwise, it may all be 100% the same, factory time, which has the same problem.) Then write that username/password to the internal storage. Then read that file from said "other binaries" and use THAT in the requests to the webserver. Done. Another option MAY be to just check which interface connections are coming from. If they're from the loopback interface (i.e., from on the same machine) then just let them through. Not sure if that's secure, but if it is, then you CAN'T spoof that.
Either way, idiocy. And idiocy not having it out until end of the month too.
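The loopback check suggested in the post above, sketched as an added example (not part of the thread and not D-Link's code); the helper name `loopback_from_text` and the sample addresses are constructed for illustration. It classifies the peer address a server gets from `accept()` or `getpeername()`, and judges IPv4-mapped IPv6 addresses, which a dual-stack listener reports for IPv4 clients, by their embedded IPv4 address.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Return 1 only when the connected peer's address is loopback. */
int is_loopback_peer(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        return (ntohl(in4->sin_addr.s_addr) >> 24) == 127; /* 127.0.0.0/8 */
    }
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (IN6_IS_ADDR_LOOPBACK(a))
            return 1;                                       /* ::1 */
        if (IN6_IS_ADDR_V4MAPPED(a))  /* IPv4 client on a dual-stack socket */
            return a->s6_addr[12] == 127;
    }
    return 0;                         /* any other family: not local */
}

/* Hypothetical helper: parse a textual address and classify it.
   Returns -1 if the text is not a valid address for the family. */
int loopback_from_text(int family, const char *text)
{
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_family = family;
    void *dst = (family == AF_INET)
        ? (void *)&((struct sockaddr_in *)&ss)->sin_addr
        : (void *)&((struct sockaddr_in6 *)&ss)->sin6_addr;
    if (inet_pton(family, text, dst) != 1)
        return -1;
    return is_loopback_peer((const struct sockaddr *)&ss);
}

int main(void)
{
    /* Constructed sample peers, not taken from any real device. */
    const char *v4[] = { "127.0.0.1", "127.8.9.10", "192.168.0.1" };
    const char *v6[] = { "::1", "::ffff:127.0.0.1", "::ffff:192.168.0.1" };
    for (int i = 0; i < 3; i++)
        printf("%-20s %d\n%-20s %d\n", v4[i], loopback_from_text(AF_INET, v4[i]),
               v6[i], loopback_from_text(AF_INET6, v6[i]));
    return 0;
}
```

The check has to run on the socket-level peer address; it says nothing about requests that reach the web server through a local proxy or forwarder, which would also appear as loopback.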
Be nice. If they were just taking the backdoor out then it would've been a week long job, but after all they had to build in a new NSA backdoor, and keep the old one active until the new one was ready.
At least this kind of thing CAN be revoked. Still monumentally stupid, but hey.
#16
PatrThom
It's on the same order of unbelievable as when the news interviews some guy down at the police station, and right behind him on the wall is a Post-It with the SSID and password of the station wifi, or something.
Or if you do happen to have one, run an alternate firmware like DD-WRT or the like. I have Netgears at home running this and it's made their performance significantly better.