• August 04, 2020, 04:58:09 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: ComputerWorld: D-Link issues fixes for router vulnerabilities  (Read 5530 times)

stevebythebay

  • Level 1 Member
  • *
  • Posts: 4
ComputerWorld: D-Link issues fixes for router vulnerabilities
« on: January 15, 2010, 02:38:18 PM »

So where is the new firmware?  :-\

http://www.computerworld.com/s/article/9145139/D_Link_issues_fixes_for_router_vulnerabilities?source=CTWNLE_nlt_security_2010-01-15
Logged

Cobra

  • Level 4 Member
  • ****
  • Posts: 477
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #1 on: January 15, 2010, 04:43:51 PM »

First===http://forums.dlink.com/index.php?topic=10330.msg61858#msg61858

Second===there is a new beta released today.

http://forums.dlink.com/index.php?topic=10470.0
Logged

stevebythebay

  • Level 1 Member
  • *
  • Posts: 4
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #2 on: January 15, 2010, 10:17:58 PM »

Considering that the code you're pointing to is not officially supported, that doesn't qualify as far as I'm concerned. 

And it's not what the ComputerWorld article would suggest that D-Link is offering its users.
Logged

Cobra

  • Level 4 Member
  • ****
  • Posts: 477
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #3 on: January 15, 2010, 11:00:47 PM »

Did you bother to read the first link?

Quote
Look at the full write up. It states what firmwares are actually effected.
1.20 for the 655? That OLD.
And it's 1.20EU not even a north american firmware.

That writeup is about OLD firmware and Europe not the USA.

Are you using newer than 1.20?

Are you in Europe?
Logged

stevebythebay

  • Level 1 Member
  • *
  • Posts: 4
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #4 on: January 16, 2010, 08:02:21 AM »

Actually the article http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf from SourceSec Security Research states:

"Affected Products

It is suspected that most, if not all, D-Link routers manufactured since 2006 have HNAP support and
are vulnerable to one of the below described vulnerabilities. However, only the following routers and
firmware versions have been confirmed to date:

1) DI-524 hardware version C1, firmware version 3.23
2) DIR-628 hardware version B2, firmware versions 1.20NA and 1.22NA
3) DIR-655 hardware version A1, firmware version 1.30EA"

While the ComputerWorld article says:

"D-Link and SourceSec differed over which models were vulnerable. SourceSec wrote that it suspected that all D-Link routers made since 2006 with HNAP support were affected, but they said they had not tested all of them.

D-Link said the models affected are the DIR-855 (version A2), DIR-655 (versions A1 to A4) and DIR-635 (version B). Three discontinued models -- DIR-615 (versions B1, B2 and B3), DIR-635 (version A) and DI-634M (version B1) -- are also affected.

The company said new firmware updates are being made available across its Web sites."

Clearly it would help if D-Link clears up the issue.
Logged

Cobra

  • Level 4 Member
  • ****
  • Posts: 477
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #5 on: January 16, 2010, 08:33:41 AM »

Have you even tried to run the utility to see if you ARE in fact affected?

Before I upgraded to the latest beta I did run the utility and my router passed so I was not in any danger.
Logged

stevebythebay

  • Level 1 Member
  • *
  • Posts: 4
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #6 on: January 16, 2010, 10:50:40 AM »

I have not run any program, nor should I need to.  This is a simple case: either the hardware product, along with the shipped or updated firmware, fixes the problem or it does not, assuming of course that the problem truly exists. 

It would appear from the ComputerWorld article that D-Link has confirmed that a problem exists for 4 versions of the 655 hardware, though it is not clear as to firmware status.

It's up to D-Link to assess the product's vulnerabilities on an on-going basis, identify if fixes are really needed or not, and make necessary changes.  Most importantly to users, the company needs to adequately inform users of the facts as they understand them, provide direction/solutions, and communicate this all in a clear and effective manner.

This forum is not that means, and I wouldn't expect that from any company.  All I would hope is that some form of communication about the level of threat, short term protection (if any), and longer term plan for a fix be adequately communicated to registered users. 

I'm not looking for a product recall (as with some products like cars, ground beef, etc.) but a reasonable set of actions on their part.  This is simply good product support and will lead to both current customer satisfaction and the likelihood that customers will continue to buy products from D-Link.
Logged

Cobra

  • Level 4 Member
  • ****
  • Posts: 477
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #7 on: January 16, 2010, 04:46:02 PM »

http://forums.dlink.com/index.php?topic=10330.0
Logged

sesca

  • Level 2 Member
  • **
  • Posts: 41
Re: ComputerWorld: D-Link issues fixes for router vulnerabilities
« Reply #8 on: January 18, 2010, 11:23:15 AM »

Post any information regarding this topic to:
http://forums.dlink.com/index.php?topic=10458.0

Keeping the posts unified makes it easier to monitor than searching for multiple threads.
Logged