Slashdot Mirror

← Back to Stories (view on slashdot.org)

Belkin To Offer Firmware Fix For Router Hijacking

Posted by timothy on from the testing-the-waters dept.

L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming. Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."

22 of 418 comments (clear)

  1. In case their message changes again... by Evil+Adrian · · Score: 3, Informative

    "Important message from Belkin:
    We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

    Please expect more detailed information to follow early next week. Thank you."

    If anyone has the testy version, post that too! I'm curious.

    --
    evil adrian
    1. Re:In case their message changes again... by (startx) · · Score: 4, Informative

      From the google cache

      "Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

      Please expect more detailed information to follow early next week. Thank you."

    2. Re:In case their message changes again... by Anonymous Coward · · Score: 1, Informative

      I just loaded the page and got this message:

      Important message from Belkin:
      In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

  2. Original Snippy Message by tribes · · Score: 5, Informative
    Go go, Google cache!

    Kharma whoring for fun and profit....

  3. The old message? from Google cache by AEton · · Score: 4, Informative

    cache here (as of 10 Nov 2003 20:43 EST):

    Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

    --
    We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
  4. original message text by L-Train8 · · Score: 5, Informative

    I was in the process of cutting and pasting Belkin's message into a story submission earlier today when it changed, so I have the original text. The message earlier today read:

    Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

    Please expect more detailed information to follow early next week. Thank you.

    Now we have the more concise and concilliatory

    We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet
    but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

    Please expect more detailed information to follow early next week. Thank you.

    --

    Don't forget that Friday is Hawaiian shirt day.
    1. Re:original message text by TheWart · · Score: 2, Informative

      Maybe I am just too accepting, but that message does not seem "snippy" to me. Maybe a little long-winded, but hardly condescending.

  5. I am such a Karma Whore by Evil+Adrian · · Score: 3, Informative

    Here's an article about it from about 7 hrs ago.

    Here's an article about their stupid response.

    Here's the original Slashdot article.

    --
    evil adrian
  6. What's the problem? by Anonymous Coward · · Score: 1, Informative

    When you buy and install software, you usually get adverts the first time you run it telling you about new products etc. etc. typically you click the 'No thanks' button and it never pops up again.

    I fail to see what the big deal is with Belkin. When I got my router the page popped up and I hit 'No' in response to their 'do you want our 3 month trial', and guess what - I haven't seen it since.

    Now if you are a big enough twat to not figure out that hitting 'No' is going to make it go away, just like most advertising, then you probably shouldn't be owning a router and probably not a computer either. And people who are saying 'ooh, Belkin, evil company, never buy from them again!!', well they make good products and I'm certainly not going to stop buying them based on morons not being able to click a button.

  7. Re:"anonymous usage statistics?" by Tiersten · · Score: 5, Informative

    Actually, those extra entries are caused by UPNP. It's supposed to automatically add forwarding rules for services running on your local machines.
    The MSN Messenger protocol requires you to listen to certain ports and if you're behind a NAT firewall then it doesn't work properly so it uses UPNP. From what I gather, anything which knows about UPNP can request ports to be opened.

    It's not a specific thing from D-Link. A lot of new routers now support it.

  8. Actually, that was the first message by FearUncertaintyDoubt · · Score: 2, Informative
    The message that is currently running on their web site was actually what they originally posted on their site on Friday night, when they started to realize the uproar that they had provoked (and posted this message to the usenet).

    Then, either Saturday or Sunday, they changed it to the far less likable one, which was much closer to Eric Deming's original reply in the usenet thread (which, oddly enough, was deleted from google groups). The problem is that it seemed more that they were trying to spin than acknowledge the problem. Methinks that they went back to the first version because they realized that they couldn't spin it at all.

  9. Re:Speaking of routers... by Anonymous Coward · · Score: 1, Informative

    Netgear. I've never had an issue, and have been using them since before they spun off from Bay Networks, now Nortel.

    The blue ones are more durable than a brick, to boot. The silver/grey ones less so.

  10. Canned email reply from Belkin by PHPee · · Score: 2, Informative
    Like many fellow Slashdotters, I emailed several different people/departments at Belkin, expressing my disappointment with their new "feature". I received the following canned response today, from Eric Pipkin, an Account Manager at Belkin:
    Rob,

    Please refer to attachment below in regards to your email.

    Thnx.
    The email contained a 119k pdf file attachment, which I actually found on the Belkin website by adding the filename to the end of the belkin.com URL. Here's a link to the pdf file I received: http://www.belkin.com/Belkin_parental-control.pdf

    It doesn't really tell us anything new, except that Belkin seems to be missing the point entirely, defending their "feature" and not mentioning anything about any upcoming firmware fixes.
  11. Re:"anonymous usage statistics?" by Bowie+J.+Poag · · Score: 5, Informative

    ..Which is still an exploit.

    Keep in mind, when these "msmsgs" (Which I think is the spam-happy Microsoft Messaging service, not MSN Messenger) entries pop up, they occupy HUGE swathes of IP space. Literally, tens of thousands of ports.

    I originally noticed this problem while playing RTCW. Periodically, I wouldn't be able to log on to any servers, because the goddamn msmsgs entries in the firewall table would encompass the port range where RTCW servers reside (port 27000-30000 or so)... Huge areas of IP space, sometimes >20000 ports wide.

    Did I mention you cant delete these "msmsgs" entries?

    Yup. Not only are they added to the firewall table without your permission, you cant get rid of them. The only way you can remove those entries is by restoring factory defaults and rebooting. It took me 4 or 5 repetitions of this process to figure out what the fuck was going on.

    D-Link, if you're listening, fix your goddamn router.

    --
    Bowie J. Poag

  12. Re:"anonymous usage statistics?" by Anonymous Coward · · Score: 1, Informative

    > This is good for a lot of stuff...takes the guesswork out of port forwarding for apps that support it.

    Back Orifice 2k3 here... please forward WAN::31337 to this IP address.
    Okay! Is there anything else I can help you with today?

  13. IQ of marketers = - (IQ of sensible person) by Futurepower(R) · · Score: 2, Informative


    From the parent post: "... average IQ of marketers ... tends to zero."

    The average IQ of some marketers is less than zero. They are very intelligent in being destructive to their companies, meaning they have a high negative IQ. Deciding to include router hijacking is not something an ignorant person could do.

    The router hijacking idea was a product of considerable creative thinking. And Belkin's router project manager Eric Deming made himself semi-famous on Slashdot. Not everyone could do that!

    Think how this will look on Mr. Deming's resume, as he looks for a new job: "I significantly affected my company's profitability." This is honest because: (Truth in marketing) = - (Actual truth).

  14. Turn off UPnP. by Trillan · · Score: 2, Informative

    It's on Tools->Misc.

  15. Re:"anonymous usage statistics?" by kfg · · Score: 2, Informative

    A lot of new routers support UPnP because it reduces support calls, not because it's a really good idea for a router to support UPnP.

    The disguise of convienience for the home user at the cost of security (which the poor bastard doesn't even know he's giving up)to save the manufacturer the expense and pain in the ass of telling him how to properly configure the device.

    The fact that it allows devices and apps to open their own outgoing doors without asking permission is just icing on the cake for the manufacturers who will abuse this for their own ends. (Guess who the major player is? I won't name names but its initials are MS)

    http://www.upnp.org/

    We're going to have to start putting logging boxes upstream from our commercial routers just to find out what they're really letting in and out.

    KFG

  16. Still not buying. by Anonymous Coward · · Score: 1, Informative

    I just purchased a couple of Belkin UPS's. Not bad for the price.

    Would I buy a router from these folks? Hell no. Would I buy a Linksys router? Nope, they don't play well with GPL. I think Microsoft makes home network routers, but they have an even worse shot at getting any more of my money..:-) Maybe SCO will be the next slime organization to enter the home networking arena?

    Perhaps Belkin's marketing department is calling too many technical shots? A router should just decide what to do with packets, not play nasty games with the upper level protocols.

    Belkin's marketing droids can try to spin this any way they like... it's just as slimy and "spammy" as Windows Messenger popups.

    One would think a small company (I believe privately held, even) would be responsive to their customers (or potential customers) and just suck it up, release a patch *and* an apology... but *no*! "We don't understand why you're whining about this being spam. Our marketing bozos don't consider this spam .. and here's your stinking firmware upgrade.." isn't a good technique to get people to open up their wallets.

    Belkin: Open your eyes, listen to potential customers. Find all of the marketing idiots responsible for this and fire 'em. Get new marketing folk and have them write up a press release about their successors. Make sure marketing stays in their little sandbox of advertising and box art design. Leave technical things to technical people.

  17. RE: UPNP service by King_TJ · · Score: 2, Informative

    Right! I always make sure UPNP is disabled on every XP box I set up. I can't really see good reasons for the service to be there - and I recall people complaining about the security holes it created back when it was first released to the public.

    I'm just a little bit surprised routers are actually making use of it now. I guess it's all about pressure put on them to make it easier for people to run special services from multiple computers (since NAT firewalls make you redirect traffic to one specific IP otherwise).

    Ultimately, it's a matter of convenience vs. security, and to me, UPNP compromises too much security for "ease of use". It's like setting your home alarm system up with an easy to remember code like 1-2-3, for the sake of convenience.

  18. Revised Email Sig by Bob9113 · · Score: 2, Informative

    Following is my revised email sig, part of which is stolen from a +5 rated message from the last story. Keep the pressure on folks. As Microsoft has so clearly demonstrated, preventing further harm from one specific act is not enough to dissuade new and more creative despicable acts by malicious corporations. Companies must realized that it is not enough to say you're sorry (particularly when you have your fingers crossed behind your back). We don't let criminals who have malice aforethought get away with "I'm Sorry". We should not be any more lenient with malicious corporations.

    Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
    "I installed topdesk and it belkined my browser."
    "VeriSign's SiteFinder belkined the .com and .net TLDs."

    Belkin products are broken as designed. http://slashdot.org/article.pl?sid=03/11/07/174020 5

    Belkin has recanted and claims they will issue a patch. Good. Now all they have to do for me to remove this .sig is to pay their pennance. Backing down is not enough, I require satisfaction. May I suggest a $100,000 donation to the EFF?

    --
    Stop-Prism.org: Opt Out of Surveillance
  19. Re:"anonymous usage statistics?" by Helen+O'Boyle · · Score: 2, Informative
    Blockquoth the poster:
    accepting the line from tech support that you have to get "used to the product". ... My brother actually got this line from a Fujitsu tech support guy when he complained that his laptop didn't always read the CD-rom when a new one was inserted

    I had the same problem with a Fujitsu Lifebook also circa 1999. Funnythingbut, I put up with this for a couple years, then the month my warranty was expiring, included it on a list of about a dozen defects when returning my laptop for "repair" to CompUSA. They gave me a new Toshiba 5x faster than the Fujitsu.

    Party on, extended warranty business for laptops! Putting up with the CD weirdness for a couple years, was worth it to gain myself a self-renewing laptop ... which is, of course, itself protected by an extended warranty I bought for it (pay $350 every few years, get brand new laptop every few years for free? I can deal with it...)

    [ For the record, I view extended warranties on just about anything EXCEPT laptops, and maybe your new Canon XL1 camcorder, to be evil. So don't interpret the above to be an endorsement of extended warranties for any time other than those FEW times when you actually stand to profit from buying them. ]