Slashdot Mirror


Belkin To Offer Firmware Fix For Router Hijacking

L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming. Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."

22 of 418 comments

  1. Adware.. but what else by pvt_medic · · Score: 2, Insightful

    So now we can pay for them to track our activities and send us advertisement. Reminds me of how initially having a logo on an article of clothing seemed insane... now we are walking billboards.

    --
    30% Troll, 50% Underrated, 10% Interesting
    Score:5, Troll
  2. Re:I've got a fix... by Davak · · Score: 3, Insightful

    Honestly, this is the most stupid thing since TurboTax decided to write to the boot sector.

    Will anybody affected ever buy TurboTax Again?
    You think anybody will buy Belkin after this act of stupidity?

    These companies just need a couple dozen average slashdot-type geeks to filter their ideas through. We would weed a lot of this stupid crap out. Hell, they could have just posted the idea in the newsgroup and watched the flames pour in.

    Somebody will get fired over this...

    Davak

  3. Re:I've got a fix... by Shakrai · · Score: 4, Insightful
    They've lost a great deal of trust that they will never regain.

    Sure, among uber-geeks and /.'ers. John Q. Public who purchased these Routers was doubtless annoyed by it, but John Q. Public who is still in the market and who (likely) hasn't heard about it will still consider buying Belkin products.

    Two questions/points would spring to mind:

    1) I pity the poor Level 1 techs at Belkin who are going to have to walk all the Mom & Pop users through flashing the firmware.
    2) I wonder how many units are still sitting on store shelves with the old firmware in them? This could haunt Belkin for quite some time yet.

    Personally, I have experience with Linksys, Belkin and Netgear NAT routers. I'll be sticking with my Duron based $250 Linux box and iptables :) So what if it uses 50+ kilowatt hours of power a month ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  4. The damage is done by bnavarro · · Score: 3, Insightful

    I use an old Pentium computer as a Linux router for my cable modem; I was an early adopter of broadband, before these router devices were affordable.

    I had considered switching over to one of these devices (I have periodic problems with the hard disk failing, and I am running out of small hard disk replacements for it :-( ), but after seeing this little stunt, no way. I won't trust any router that I can't program myself now. When my Packard Hell quits, I'm gonna just buy another old used computer and turn it into a Linux router.

    I would strongly urge anyone else savvy with Linux or even *BSD administration to strongly consider this route. Belkin just proved that you can't trust anyone to route your data with a "black box" solution. OK, maybe not Cisco, but are you gonna fork over $10k for a home router? ;-)

    (Yes I know Cisco just bought Linksys; I still won't trust 'em)

  5. It's a quality thing by WolfWithoutAClause · · Score: 3, Insightful
    The bottom line of this is that this feature was good for the producer, and bad for the customer (potentially very bad if it messes up something on an intranet).

    Trouble is, we buy products because it is good for us, not good for the manufacturer. They seem to have lost sight of it, although may have realised their mistake (or equally likely they haven't realised it, but it's just they dislike the bad publicity).

    Either way, it speaks volumes of their corporate decision making. In my experience, corporate decision making is at best, of highly variable quality; managers try to come up with just slightly too clever schemes that try to raise profits at the (non financial) expense of the customer. These things add negative qualities to the product. Why would you ever want to do that?

    --

    -WolfWithoutAClause

    "Gravity is only a theory, not a fact!"
  6. Re:Brouhaha over nothing by herrvinny · · Score: 4, Insightful

    The problem is, you do accept it so willingly. You shouldn't have to deal with this. Nobody should have to.

    Advertising shouldn't be on a product that is paid for. The router should do only one thing: route packets. Anything else, if it drops packets, rewrites packets (which it does), etc, then it doesn't work properly, and a complaint to Belkin is in order, along with a request for an RMA#. If the router is designed not to work properly (as it seems), then we need to file a report with the FTC.

  7. Too little, too late by swordgeek · · Score: 4, Insightful

    Belkin has lost my business, until they very aggressively do something to FIX the problems of the internet.

    All that backing off here is doing, is admitting that they pushed a bit too hard. Nobody can tell me that the goal of Belkin has changed, or is any different from VeriSign's. They want to manipulate the infrastructure of the internet. They want control over my computer, and how it works.

    Fuck 'em. They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  8. Re:I've got a fix... by Shakrai · · Score: 3, Insightful
    To flash the firmware on most routers, you just login to some web interface and click the "update firmware" option.

    What's a web interface? How do I login? Where do I type in that address? What's number lock? Do I need to plug the router in first? If I unplugged the router by accident in the middle of the upgrade am I in trouble?

    Sorry, again, "I pity the poor Level 1 techs at Belkin who are going to have to walk all the Mom & Pop users through flashing the firmware".

    (And yes before I'm modded flamebait that was the disgruntled ramblings of a former Level 1 support tech ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  9. Can I bill Belkin for field installation? by G4from128k · · Score: 3, Insightful

    Corporate behavior like this drives me insane. The personal labor cost to fix their defective product exceeds the price of the product. But I'm sure the EULA is careful to explain that the product is not necessarily useful for anything and Belkin is liable for nothing beyond the price of the product.

    --
    Two wrongs don't make a right, but three lefts do.
  10. That's the tragedy by L-Train8 · · Score: 3, Insightful

    I accept it as the way companies act today, nothing unusual.

    This is what is really bad, and why Belkin thought they could get away with this crap. We have become used to the abuse. We need to stand up and say, "I'm mad as hell, and I'm not gonna take it anymore!"

    The incredibly onerous and annoying contracts that have become standard parts of software licenses are starting to creep out of the fine print of click-through EULA's that no one ever reads and into everyday life. I think hardware companies look enviously at software companies, with their "no responsibility for the company/no rights for the user" legal disclaimers. They are increasingly trying to get the same kind of weasely deals for themselves.

    But actual physical products are a different animal, and you can't hide how you're screwing the customer behind an "agree" button. If EULA's weren't such confusing legalese, and people actually bothered to understand what they are actually "agreeing" to, I believe we'd all make a bigger stink about it. Fortunately, it's more obvious when physical items try to act like virtual ones.

    --

    Don't forget that Friday is Hawaiian shirt day.
  11. Re:"anonymous usage statistics?" by Tiersten · · Score: 2, Insightful

    msmsgs is definitely MSN Messenger. Windows Messenger is a RPC service I believe.

    It shouldn't register such wide ranges though. Something is either buggy or it's very sloppy programming.

    But yeah, it's not a particularly great thing for security. I've got UPNP disabled on my router and most of the MSN stuff in Trillian works fine. It has issues with me sending files but apart from that it does what I want. In theory somebody out there could write a Back Orifice style program but register the port with UPNP. This will allow external attackers to tunnel through the firewall as if it wasn't there.

  12. Re:not buying Belkin by Shakrai · · Score: 3, Insightful
    The sooner hardware manufacturers realize that pulling stunts like this results in some sort of backlash which affects their bottom line, the better.

    Hey, not to rise to Belkin's defense (because I'm not too hip on their products.... got a dead USB hub from them once... and a dead USB add-on card a week later, both RMA'ed and replaced though, but still...), but does anybody seriously think this was an intentional stunt?

    More likely than not, this was the brainchild of some idiot in marketing, who will probably lose his job over it. One of those ideas that looks great on paper and blows up in your face when released to the world. It's happened to all of us at one point or another (though probably not to this scale).

    Now that doesn't excuse the initial statement on the website defending the feature. But again, that was probably the brainchild of some idiot in PR saying "We can't admit we made a mistake". Fortunately, it seems that smarter heads prevailed in this case.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  13. Re:"anonymous usage statistics?" by row314 · · Score: 2, Insightful

    Yet another reason to take an old PC (or a new mini-ITX box), throw in a 2nd NIC, and roll your own firewall/router/NAT box/etc. Sometimes plug-n-play is not a good thing.

  14. Re:"anonymous usage statistics?" by the_mad_poster · · Score: 1, Insightful

    I don't think it could ever get to zero. With no IQ, I think they'd act totally randomly and, therefore, would have to do something smart from time to time, even if the probability of such an act were very small.

    It will decrease at a rate of x^(1/2), where x is the initial IQ. That should allow for the current rapid decline while ensuring they continually get dumber, but never totally random.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  15. Re:original message text by Drishmung · · Score: 4, Insightful
    It's a very common attitude: that spam is something that other people do. Our advertising is valuable and desirable and can't possibly be spam, so different rules apply.

    It is really, really basic. It's a form of the Golden Rule. "Would this be acceptable to us if someone did it to us?" Or, "would our customers find this acceptable if another company did it?"

    The marketing types responsible for this are demonstrably liabilities to Belkin and should be dismissed. As if...

    --
    Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
  16. Re:I've got a fix... by wo1verin3 · · Score: 2, Insightful

    >> Seriously, Belkin's response to this has been
    >> utterly abysmal

    Their response was fine, but this issue is WAY over-hyped. While you see this every 8 hours, that only happens if you don't click the 'don't show this again' option. Then it's gone forever. This issue has been way over-hyped and it is a non-issue. They offered you a product/service, you decline it, and you never see it again. There are MUCH WORSE WAYS THEY COULD HAVE GONE ABOUT THIS.

    Here is a snippet from usenet with Belkin's response:

    We elected to re-direct one http request to
    the "Register Now" reminder page. (There is a link in a previous
    posting if you want to see it) This page asks the user to register for
    the service for a free 6 month trial. Now, granted this looks like an
    ad. It should, it is intended to be informative and easy enough to
    understand. At this point, the user can register or click "No Thanks".
    Clicking "No Thanks" sets a flag in the Router to stop the Router from
    re-directing every 8 hours to the reminder page.

    In summary, you have to click 'no thanks' ONCE and you'll never see the thing again unless you do a hard reset of the router.

  17. Re:"anonymous usage statistics?" by gnuadam · · Score: 3, Insightful

    Uh, x^(1/2) is a monotonically decreasing function that tends to zero.

    --
    You say :wq, I say ZZ. Why can't we all just get along?
  18. Re:"anonymous usage statistics?" by dekemoose · · Score: 2, Insightful

    The router's not broken dimwit, it's behaving exactly as it should. UPnP, on the other hand, is a horribly broken idea all the way around, IMHO. Disabling UPnP is your best bet. Next time you are purchasing a piece of computer gear, I suggest you RTFM.

  19. Re:"anonymous usage statistics?" by ScrewMaster · · Score: 2, Insightful

    Obviously they took marketing lessons from Verisign, with pretty much the same result. It's interesting to me how many modern Internet-related marketing schemes seem to result in a net loss of market share.

    --
    The higher the technology, the sharper that two-edged sword.
  20. Re:I've got a fix... by racermd · · Score: 2, Insightful

    True, most level-1 techs are good at what they do, and they typically don't enjoy it too much. In fact, it's all they (we) can do to keep from saying, "Take this job and shove it."

    And I don't think that 5-10 minutes of tech support will work for a large number of people. Don't believe me? Read some of the stories at Tech Support Comedy. Every time I feel bad that I've got to deal with some of the dumbest people on the planet, I just read some of the stories on this site. I suddenly feel much better and realize that it could always be worse.

    Yes, never underestimate the stupidity of the general public. I don't exactly remember the source of the quote (although I'm sure it's from a movie of some sort), but it sure seems to fit: "A person is smart. People are dumb."

    --
    My sources are unreliable, but their information is fascinating. -- Ashleigh Brilliant
  21. Precedent setting, not overblown by rjamestaylor · · Score: 3, Insightful
    • but this issue is WAY over-hyped.
    Wrong. When a precedent is set it is always a huge deal; hijacking HTTP requests for company-sponsored oh-yeah-I-guess-it-could-be-seen-as-an-ad spam breaks new ground. Lookit, people still cheer Chuck Yeager for breaking the sound barrier, Hank Aaron for his home runs, Armstrong for his one small step and we still jeer Robert Morris Jr.'s first Internet Worm, Amazon's One-Click patent, X10's pop-under ads (not the actual first, but many people's first in experience). Closer to home, you and everyone reading this remembers the first time they clicked a Slashdot troll's link to Goatse. Belkin will be remembered for bringing spam and censorship to the router long after others extend the breach further.
    --
    -- @rjamestaylor on Ello
  22. What about the backdoor? by Pepebuho · · Score: 5, Insightful

    The Belkin router had not only a non compliant routing algorithm, but it had also a backdoor. Remember, if you clicked on "No Thanks", then a flag INSIDE THE ROUTER would be modified to disallow the misbehavior. Namely CLICKING AN EXTERNAL WEBPAGE MODIFIED THE INSIDES OF YOUR ROUTER!!!!! Is Belkin fixing this security hole also?
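
Added example, not part of the thread and not Belkin's firmware: the concern in comment 22 is that a click on an external page changed a setting inside the router. The sketch below models a hypothetical admin handler that flips the flag for any request, next to one that requires a same-origin POST carrying a per-session token; the `/nothanks` path, the `192.168.2.1` address and all names are assumptions.

```python
# Added illustration: hypothetical model of a router admin handler, not Belkin firmware.
import hmac
import secrets
from dataclasses import dataclass, field

ROUTER_ORIGINS = {"http://192.168.2.1"}  # assumed LAN origin of the admin UI

@dataclass
class Router:
    redirect_enabled: bool = True
    sessions: dict = field(default_factory=dict)  # session id -> CSRF token

    def login(self):
        """Create an admin session and the token its forms must echo back."""
        sid, token = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = token
        return sid, token

def naive_handler(router, req):
    """Flips the flag for any request to the path, whatever page triggered it."""
    if req["path"] != "/nothanks":
        return 404
    router.redirect_enabled = False
    return 200

def hardened_handler(router, req):
    """Changes state only for a same-origin POST carrying the session's token."""
    if req["path"] != "/nothanks":
        return 404
    if req["method"] != "POST":
        return 405
    if req["headers"].get("Origin") not in ROUTER_ORIGINS:
        return 403
    expected = router.sessions.get(req.get("session", ""))
    supplied = req.get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return 403
    router.redirect_enabled = False
    return 200

# Constructed requests: a link followed from an external page, and the admin UI's own form.
def external_click():
    return {"method": "GET", "path": "/nothanks",
            "headers": {"Referer": "http://ads.example/"}}

def admin_form(sid, token):
    return {"method": "POST", "path": "/nothanks", "session": sid,
            "csrf_token": token, "headers": {"Origin": "http://192.168.2.1"}}
```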