Slashdot Mirror


Belkin To Offer Firmware Fix For Router Hijacking

L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming. Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."

16 of 418 comments

  1. "anonymous usage statistics?" by henc · · Score: 5, Interesting

    Although they remove this feature, what other 'usage statistics'-logging-features are silently embedded?

    My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?

    It's a good bet from the manufacturers that the device will be online all the time.
    Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?

    henc

    1. Re:"anonymous usage statistics?" by MisanthropicProggram · · Score: 4, Interesting
      I hope the folks whose expertise is in this area will keep an eye out for any other hanky-panky.

      I really appreciate the folks who spend the time to figure out these things instead of writing it off as little "quirks" or accepting the line from tech support that you have to get "used to the product".

      My brother actually got this line from a Fujitsu tech support guy when he complained that his laptop didn't always read the CD-ROM when a new one was inserted and the fact that the laptop didn't shut down when told to (it would just restart). - this was in 1999 - BTW.

      --

      There is no spoon or sig.

    2. Re:"anonymous usage statistics?" by Bowie J. Poag · · Score: 5, Interesting

      No, but your D-Link 604 router is a piece of shit.. I should know, I own one too, unfortunately.

      The router allows Windows XP to bypass normal user/administrator authentication on the router, and add entries to the firewall table.. Have a look at the firewall page on the router, and see if there's two entries for "msmsgs" that you didn't make. Ever wonder how those got there, especially in light of the fact your router is supposed to be password protected? Gee, thanks D-Link!

      Conceivably, any schmuck out there could easily write a virus that pollutes the firewall table in the same manner. I'm surprised nobody has done so already.

      --
      Bowie J. Poag

  2. I've got a fix... by Dimensio · · Score: 4, Interesting

    ...It involves a hatchet.

    Seriously, Belkin's response to this has been utterly abysmal. First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.

    They've lost a great deal of trust that they will never regain.

    1. Re:I've got a fix... by Shakrai · · Score: 2, Interesting
      If you can't walk someone through typing http://myrouter in their address bar and clicking the "install updates" option, you probably weren't a very good support tech.

      You entirely missed the point of my original comment, which was "I pity the poor Level 1....." Just because you can do it, doesn't mean you want to. Give me 5 or 10 minutes I can walk just about anybody through doing anything. That doesn't mean I enjoy doing so.

      My point being, that the Belkin tech support ppl (or whoever they outsource it to) have an interesting few weeks ahead of them.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  3. Speaking of routers... by toupsie · · Score: 2, Interesting

    I am in the market for a small home DSL router and now that Belkin is completely out of the running, what would you choose? I would love one with SNMP monitoring. I currently have an old LinkSys 4 port-er. 802.11g would be nice to have on it. Any suggestions?

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  4. Brouhaha over nothing by fleener · · Score: 2, Interesting

    I have a Belkin for my home. Upon setting up the equipment, the advert page was the first one I saw. I skipped it, but encountered it again about a (?) week later. That time I actually read it and realized I had to jump through a hoop to never see the page again. I can't imagine managing a computer lab and taking more than a day to notice the advert.

    Yes, I was annoyed, but no more than from mandatory product registrations or e-mails I receive from e-tailers from whom I've bought something. In the grand scheme of things, I'm used to the abuse. Today's standard practice is to let the customer opt-out after the first annoying sales pitch.

    I honestly was surprised to see this issue posted on /. as a discussion topic. I accept it as the way companies act today, nothing unusual.

  5. .. and just what will this change be? by mkettler · · Score: 2, Interesting

    "We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed."

    Hmm.. hopefully this doesn't mean they're going to do something even more nefarious, like only hijack sessions going to the websites of parental control software manufacturers...

    I look forward to seeing how they wind up handling the fix, and what they have to say about the patch when it's released. Hopefully Belkin has learned that this was an incredibly bad idea and will do the right thing. However, only time will tell this.

    Of course, it still won't convince me to buy Belkin products again. Trust lost to abuse takes a long time to regain.

    --
    -Matt
  6. Re:New Belkin response - total downplay by paranerd · · Score: 2, Interesting

    And notice the phrase "during the installation process". Like they weren't doing something everybody does. What they aren't admitting to now is that it's not just during the installation process that they were spamming their customers.

  7. Buh Bye Belkin by FunWithHeadlines · · Score: 2, Interesting
    Later for you, Belkin. I want nothing to do with a company that treats its customers with contempt. You fixed the problem, you say? Why did you create a problem in the first place, and who is to say there isn't something else in there still hidden? You didn't do a thing about this problem until it blew up in your face. So you aren't sorry, you are sorry you got caught.

    Why is it whenever a company that thinks of itself as reputable sends spam (unasked for advertising messages) to someone they deny it is spam? 'We did not spam our users. We had a product we thought they would be interested in so we directed their attention to the product.' In other words, you spammed. Busted by your own admission.

    I've used Belkin products in the past. Never again. Trust shattered. Blame the marketing person at your company who came up with this idea.

  8. Spam? Nah! Broken? You bet! by rnturn · · Score: 2, Interesting

    ``Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says.''

    And, AFAICT, they're correct. It wasn't really spam and ``everyone on the internet'' that called it that were wrong. What everyone on the internet should have called it is ``a broken router'' which should have been recalled or replaced free of charge. Gosh, isn't it nice of them to offer a firmware fix. What happens when the fix isn't applied properly by the end-users? Well they're pretty much screwed as far as their internet access now aren't they? Belkin should do the right thing and ship everyone using one of these broken units a brand new router that properly routes.

    Almost makes you wish for a certification process for any equipment that's connected to a public network. If it doesn't strictly adhere to IETF standards, it doesn't get connected. Just out of curiosity, what RFC specifies the manner by which a router is supposed to replace requests with preferred advertisers? Oh yah. The same one Verisign referred to when designing their SiteFinder atrocity.

    --
    CUR ALLOC 20195.....5804M
  9. This was informative? by Svartalf · · Score: 3, Interesting

    1) This is not software, nor did it need drivers to work. There should be no "No thanks" 'button'- period.

    2) What if you're NOT using a browser for your applications? What if you're using SOAP or XML-RPC for something? In either of those cases, Belkin's little advert thing will BREAK things.

    3) When I install software, I don't get ads about new products when I'm installing. This includes GAMES.

    I don't care HOW you'd like to rationalize it- what Belkin did was way over the top stupid.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
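
An added illustration of point 2 in the comment above (not part of the Slashdot thread): a non-browser client can refuse to trust a reply that an intermediary replaced, by checking status, content type and payload before using the result. How the router delivered its page is not stated here, so both a redirect and an injected HTML page are covered; the function names, host name and sample replies are constructed for the example.

```python
import http.client
import io
import xmlrpc.client
from xml.parsers.expat import ExpatError


class FakeSocket:
    """Lets http.client parse a captured response held in memory."""
    def __init__(self, raw):
        self._buf = io.BytesIO(raw)
    def makefile(self, *args, **kwargs):
        return self._buf


def classify_xmlrpc_reply(raw):
    """Return 'ok', 'redirected', 'http-error', 'not-xml' or 'bad-payload'."""
    resp = http.client.HTTPResponse(FakeSocket(raw))
    resp.begin()
    body = resp.read()
    if 300 <= resp.status < 400:
        return "redirected"      # never follow a redirect for an RPC POST
    if resp.status != 200:
        return "http-error"
    if resp.headers.get_content_type() not in ("text/xml", "application/xml"):
        return "not-xml"         # e.g. an HTML page served in place of the reply
    try:
        xmlrpc.client.loads(body)
    except xmlrpc.client.Fault:
        return "ok"              # a well-formed fault is still a real RPC reply
    except (ExpatError, xmlrpc.client.ResponseError):
        return "bad-payload"     # labelled XML but not a methodResponse
    return "ok"


def build_reply(status, headers, body=b""):
    head = f"HTTP/1.1 {status}\r\n{headers}Content-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body


# Constructed samples; the host name and page text are placeholders.
AD_PAGE = b"<html><body>Parental Control <a href='#'>No Thanks</a></body></html>"
XML = "Content-Type: text/xml\r\n"
GENUINE = build_reply("200 OK", XML, xmlrpc.client.dumps((42,), methodresponse=True).encode())
REDIRECT = build_reply("302 Found", "Location: http://ad.example/setup\r\n")
INJECTED = build_reply("200 OK", "Content-Type: text/html\r\n", AD_PAGE)
MISLABELLED = build_reply("200 OK", XML, AD_PAGE)

if __name__ == "__main__":
    for name in ("GENUINE", "REDIRECT", "INJECTED", "MISLABELLED"):
        print(name, classify_xmlrpc_reply(globals()[name]))
```
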
  10. Re:The old message? from Google cache by _Sprocket_ · · Score: 4, Interesting

    Here's some more interesting things for the record.

    The original reply from Eric Deming ("a product manager for Belkin's LAN products and ... very involved with the development of the Parental Control feature") to news.admin.net-abuse.email was removed. Oddly enough. However you can find mirrored copies re-inserted in to Google Groups thanks to:

    Malev
    Clifton T. Sharp Jr.
    dave

    And even a simple text mirror outside Google's domain provided by Steven J Sobol.

    The removed message was replaced by a very familiar sounding post again from Eric Deming. Google Groups currently has its own copy available (at the time of this writing). But others have already begun the process of burying the text - probably due to previous experience.

    Of course - if all these sources fail you... you can always find the same text buried in reader comments from the initial Slashdot article mentioned in this article's submission.

  11. Re:Dealing with this situation... by AuntMartha · · Score: 2, Interesting

    The notion of going direct to their resellers, CompUSA, BestBuy, Apple, Gateway, etc. is a good one. And doing it at the Corporate level is the way to go.

    Call the Corp. HQ and ask for the "Buyer/Merchandiser" for Hubs, Routers, whatever the hell your target reseller carries. Maybe you'll talk to the real-live human who buys Belkin's Spamware, and you can express your extreme unlikeliness to purchase the same. Can you spell "Excess Inventory?" I thought you could.

    Failing finding a real human, e-mail the "Contact us" address AND the Investor Relations people in Finance. Same message. Same impact. If only a few thousand of us do it, BestBuy, Buy.com, CompUSA, etc., will roast Belkin over a slow fire.

    --
    After you're done telling me my job went overseas because I'm stupid, George, how about telling me: Where's Osama? Where
  12. Listen to the Engineers, not Marketing by sir_cello · · Score: 2, Interesting


    Take a straw poll of Belkin Engineers, and you'll probably find that most of them also think that this was a stupid idea. I'm sure it's a Marketing decision - no real Engineer I know would sanction such a thing. I know that where I work we've had to do stupid things to keep Marketing happy - and it's always enjoyable when the shit comes back to hit the fan and Marketing takes it in the face. This kind of Engineering sport is enjoyable :-).

    The other good thing is this: now that it's been so embarrassing for Belkin, we can be reasonably confident that no one else will repeat the idea. Any marketing person who wants to keep their job will make sure of this: delivering and supporting firmware upgrades is not cheap, nor is the loss of goodwill for your product.

    Does anyone have time to tell whether any other Belkin products have similar bozo-features ? Or, can we watch Belkin in the next month or two to see whether any other firmware upgrades are released ?

  13. Re:Just stop with the melodrama. by fmaxwell · · Score: 1, Interesting

    The owners of those behind firewalls for one. They have a completely broken router

    If it is "completely broken", then explain how thousands of consumers are successfully using it.

    that randomly drops HTTP connections every 8 hours. Wonderful effect, isn't it?

    If someone is so brain-dead-stupid that they can't configure their router through the web interface and can't click on a "no thanks" button, they have no place using a router. Do you really think that this would confuse you? Please. Tell me. Would turning off this behavior really baffle you?

    It doesn't "randomly [drop] HTTP connections every 8 hours." A dropped connection is not the same as a redirection. Secondly, it's either random or it's every 8 hours. It can't be both.

    Let's see, I don't use IE, so what do you think?

    Do you use a Belkin router? You seem to be all wrapped around the axle over them.

    So, did your browser come with a pre-configured home page? Did it show that homepage every time you started it? Did you have to do something to reconfigure it to a homepage of your choosing? Was doing that more complex than clicking a "no thanks" button on a web page?

    These browsers are not redirecting other traffic, nor are they network hardware that has one set purpose.

    Ever looked at a modern consumer router? It has far more than "one set purpose." It includes routing, NAT, PPTP and PPPoE clients, firewalls, port forwarding, and DHCP serving. It's hardly your daddy's router.

    You need to get some perspective. Belkin has been offering the Parental Control feature on its Routers since February 2003, having sold tens of thousands of them since that time. Prior to this uproar in early November, the company had not received any complaints from consumers about the browser redirect.

    Try looking at it from a non-geek perspective. The nervous consumer, after spending 30 minutes or more studying the documentation, installs the router. They go into their web browser and are taken to a web page that tells them that they are connected to the Internet and can now activate the filtering that they might want for their families -- or hit the "No Thanks" button. That sounds like a satisfying experience for the typical technophobic consumer who would buy a Belkin router.

    If we were talking about a Cisco rack-mount router aimed at enterprises, I'd be right with you in your criticism, but this is a consumer product and it's expected to be easy to set up -- including any aftermarket filtering subscriptions that may be offered. I'm not saying that Belkin made the right choice, but neither do I see it as that unmitigated evil that you do.