• July 20, 2018, 10:27:40 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: Java (or D-Link) Strikes Again ?  (Read 649 times)

nullit

  • Level 2 Member
  • **
  • Posts: 55
Java (or D-Link) Strikes Again ?
« on: July 05, 2018, 06:43:59 AM »

Suddenly one cannot get live video at the cam's browser setup page, nor at any other cam viewer application using Java.
The pop-up message box reads : Application Blocked for Security. Certification has been revoked. The application will not be executed.

The error message's "More Information" button shows that java.security.cert. got revoked for reason:UNSPECIFIED on Jul 03, 2018, apparently by Symantec.
However, proceeding to "View Certificate Details" reveals it is valid till "Thu Sep 20 19:59:59 EDT 2018".
Closing the error message and following the setup page's invitation in the "Live Video" window to "Click for details" reveals the Name: of the application as "cvcs" and, under button "More Information", that "User has denied the privileges to the code".

So, D-Link either requested the certification revoked, or they simply removed the "cvcs" code without warning. I have not been able to find a D-Link rep. or tech. with an answer other than DCS-930L is being discontinued and that there are newer cams around.

I have 7 of these cams operating and an associate of mine another 4, but all virtually dead since July 3. Any info as to what is going on is urgently needed.

Thanks in advance.
.....
PS.: Browsers: FF ESR 52.9.0 and IE 11.112.171340. DCS-930L FV=1.16
Logged

GreenBay42

  • Administrator
  • Level 7 Member
  • *
  • Posts: 1068
Re: Java (or D-Link) Strikes Again ?
« Reply #1 on: July 05, 2018, 07:16:01 AM »

D-Link recently discovered that two of its code signing certificates were misappropriated. Upon discovery, we immediately decommissioned the certificates and investigated the issue. Like several other companies in Asia, D-Link was victimized by a highly active cyber espionage group which has been using PLEAD Malware to steal confidential information from companies and organizations based in East Asia, particularly in Taiwan, Japan, and Hong Kong. The two affected D-Link certificates were revoked, effective July 3rd, 2018. New certificates have been issued to resolve this problem.

Most D-Link customers will not be affected by this issue. However, if you have concerns, please check your local D-Link Support website regularly for updates. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. D-Link will continuously provide updates signed using our new digital certificates.
Logged

Vesku

  • Level 1 Member
  • *
  • Posts: 1
Re: Java (or D-Link) Strikes Again ?
« Reply #2 on: July 09, 2018, 11:30:32 PM »

so, I can’t use my 5020 camera because of this and I don’t find any updates. What should I do to get the camera work?
Logged

Dossier

  • Level 1 Member
  • *
  • Posts: 2
Re: Java (or D-Link) Strikes Again ?
« Reply #3 on: July 10, 2018, 06:24:46 AM »

Hello.  Where can I obtain the new certificate(s) referred to?  We are using DCS-5009L cameras.
Logged

GreenBay42

  • Administrator
  • Level 7 Member
  • *
  • Posts: 1068
Re: Java (or D-Link) Strikes Again ?
« Reply #4 on: July 10, 2018, 07:31:10 AM »

D-Link is working on the new certificates. I am not sure if this will only affect the plug-in and/or new firmware for affected products.

You can still use the mydlink Lite or mydlink apps to configure/view your cameras.

View this periodically for updates - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10089

As stated in the above link,

1. New firmware for affected models are being developed and tested.  The mydlink mobile application will notify you to update for registered cameras in the event of a new firmware release.

2. This issue will not affect the mydlink mobile applications.  This certificate revocation affects viewing and configuring the camera from within a web-browser.

3. if you require the use of the web-browser, you can reconfigure your browser temporarily to ignore the revoked cert. Please note this setting should only be used during the use of camera, and otherwise turned back to default.

For Mac OSX:
Go System Preferences> Java> Advanced> Perform signed code certificate revocation checks on, select "Do not check (not recommended)" 

For Windows:
Go Control Panel> All Control Panel Items>Java> Advanced> Perform signed code certificate revocation checks on, select "Do not check (not recommended)"
Logged

Libertarian

  • Level 1 Member
  • *
  • Posts: 7
Re: Java (or D-Link) Strikes Again ?
« Reply #5 on: July 11, 2018, 09:19:04 AM »

 >:(

I've had it.  I'm never buying another DLink camera again.

The ONLY browser you can use to connect to the camera is IE, run as admin because JAVA is insecure.

Now I can't even set up the cameras I've bought in the last year because the certificate has been revoked.  And changing  the setting under JAVA in the control panel does nothing to fix the inability to set the motion detection.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45304
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Java (or D-Link) Strikes Again ?
« Reply #6 on: July 11, 2018, 09:37:05 AM »

You should be able to use FF ESR browser with these cameras.
http://forums.dlink.com/index.php?topic=66483.0
Some browsers like Chrome and FF standard browser now block plug-ins. FF ESR still allows plug ins.

D-Link is working on new certificates...

FYI:
     "This product has been discontinued.
    Free support for this product will end on 10/31/2018
"

>:(

I've had it.  I'm never buying another DLink camera again.

The ONLY browser you can use to connect to the camera is IE, run as admin because JAVA is insecure.

Now I can't even set up the cameras I've bought in the last year because the certificate has been revoked.  And changing  the setting under JAVA in the control panel does nothing to fix the inability to set the motion detection.
« Last Edit: July 11, 2018, 09:38:43 AM by FurryNutz »
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

nullit

  • Level 2 Member
  • **
  • Posts: 55
Re: Java (or D-Link) Strikes Again ?
« Reply #7 on: July 12, 2018, 06:29:44 AM »

So, we've been down for over a week now. May we expect new certificates/firmware before "free" support ends or will we need to pay D-Link for firmware updates after 10/31/2018, - or will they be offered at all after that date ?? 

.....
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45304
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Java (or D-Link) Strikes Again ?
« Reply #8 on: July 12, 2018, 06:52:46 AM »

You should be able to use FF ESR browser with these cameras.
http://forums.dlink.com/index.php?topic=66483.0
Some browsers like Chrome and FF standard browser now block plug-ins. FF ESR still allows plug ins. This works for my 933L.

D-Link is working on new certificates...Will probably come in a FW update.
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

GreenBay42

  • Administrator
  • Level 7 Member
  • *
  • Posts: 1068
Re: Java (or D-Link) Strikes Again ?
« Reply #9 on: July 12, 2018, 07:02:00 AM »

D-Link doesn't charge for firmware upgrades. They will only charge if you call in tech support after the "last day of support" date which is on the support website.
 
Logged

nullit

  • Level 2 Member
  • **
  • Posts: 55
Re: Java (or D-Link) Strikes Again ?
« Reply #10 on: July 13, 2018, 08:15:13 AM »

My concern is that there may indeed be no firmware update to fix the DCS-930L when support ends in a couple of months, - much like what was the case with the DCS-920 when support for that cam ended in July 2013 and a similar Java security problem killed browser-based live video virtually the same month !

.....
Logged

GreenBay42

  • Administrator
  • Level 7 Member
  • *
  • Posts: 1068
Re: Java (or D-Link) Strikes Again ?
« Reply #11 on: July 13, 2018, 08:28:36 AM »

Well from what I heard this issue is with the plug-in, not the camera so hopefully no need for firmware upgrades. Most security fixes still happen with discontinued products. The DCS-930L is new enough to still get updates for a while. Generally when updates stop is when the vendor no longer exists or the chip is too outdated to fix.
Logged

nullit

  • Level 2 Member
  • **
  • Posts: 55
Re: Java (or D-Link) Strikes Again ?
« Reply #12 on: July 15, 2018, 03:41:06 PM »

We've been down for over two weeks now with no tangible remedy or updated news forthcoming. Seems a safe bet to immediately move to alternate cam hardware options as D-Link's "dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures" have yet to meet and seriously address this past-evolving issue and service their current customer base.
 
Yes, we are not happy !!

....
Logged

Dossier

  • Level 1 Member
  • *
  • Posts: 2
Re: Java (or D-Link) Strikes Again ?
« Reply #13 on: July 16, 2018, 12:55:16 PM »

Down for 2 weeks as well.  We are a small company but it would still cost hundreds of dollars to replace the cameras.  Not to mention the time involved.  Very disappointing but par for the course today.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45304
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: Java (or D-Link) Strikes Again ?
« Reply #14 on: July 16, 2018, 12:57:17 PM »

Has anyone used IE x32 version browser to access and view the cameras video on it's web page? Its working for me and my 933L.
« Last Edit: July 16, 2018, 04:01:11 PM by FurryNutz »
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting
Pages: [1] 2