Belkin To Offer Firmware Fix For Router Hijacking
L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming.
Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."
Although they remove this feature, what other 'usage statistics'-logging-features are silently embedded?
My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?
It's a good bet from the manufacturers that the device will be online all the time.
Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?
henc
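One way to run the check the comment above suggests, as an added example that is not part of the thread: because NAT gives every outbound flow the router's WAN address, the monitoring box needs a tap on each side of the router and flags WAN-side flows that no LAN client asked for. The record format, addresses, allowlist and time window below are assumptions made for this example, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed flow records (not from the thread). Format assumed for this example:
#   tap epoch_seconds proto src_ip dst_ip dst_port
# "lan" = tap between clients and router, "wan" = tap between router and modem.
SAMPLE = """\
lan 1000.10 tcp 192.168.2.20 198.51.100.80 80
wan 1000.12 tcp 203.0.113.7 198.51.100.80 80
lan 1003.00 udp 192.168.2.20 192.168.2.1 53
wan 1003.01 udp 203.0.113.7 192.0.2.53 53
wan 1500.00 tcp 203.0.113.7 198.51.100.99 80
lan 1600.00 tcp 192.168.2.21 198.51.100.80 443
wan 1600.05 tcp 203.0.113.7 198.51.100.80 443
wan 1600.06 tcp 203.0.113.7 198.51.100.80 443
"""

ROUTER_WAN_IP = "203.0.113.7"            # assumed WAN address of the router
EXPECTED = {("udp", "192.0.2.53", 53)}   # assumed: router's own DNS forwarding
WINDOW = 1.0                             # seconds allowed between LAN and WAN sighting


def parse(text):
    """Turn the text records into (tap, ts, proto, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tap, ts, proto, src, dst, dport = line.split()
        flows.append((tap, float(ts), proto, src, dst, int(dport)))
    return flows


def router_initiated(flows, router_wan_ip=ROUTER_WAN_IP,
                     expected=EXPECTED, window=WINDOW):
    """Return WAN-side flows that have no matching LAN-side flow."""
    # NAT rewrites the source but not the destination, so index LAN flows
    # by (proto, dst_ip, dst_port).
    lan = defaultdict(list)
    for tap, ts, proto, _src, dst, dport in flows:
        if tap == "lan":
            lan[(proto, dst, dport)].append(ts)
    for times in lan.values():
        times.sort()

    unexplained = []
    for tap, ts, proto, src, dst, dport in sorted(flows, key=lambda f: f[1]):
        if tap != "wan" or src != router_wan_ip:
            continue
        key = (proto, dst, dport)
        if key in expected:
            continue  # traffic the router is known to originate itself
        candidates = lan.get(key, [])
        # One-to-one matching: each LAN flow can explain only one WAN flow.
        match = next((t for t in candidates if abs(ts - t) <= window), None)
        if match is not None:
            candidates.remove(match)
        else:
            unexplained.append((ts, proto, dst, dport))
    return unexplained


if __name__ == "__main__":
    for hit in router_initiated(parse(SAMPLE)):
        print("no LAN client behind this flow:", hit)
```

The second flagged flow in the sample shows why matches are consumed: a router that opens its own connection alongside a client's to the same destination would otherwise go unnoticed.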
...It involves a hatchet.
Seriously, Belkin's response to this has been utterly abysmal. First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.
They've lost a great deal of trust that they will never regain.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
"Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you."
If anyone has the testy version, post that too! I'm curious.
evil adrian
Karma whoring for fun and profit....
cache here (as of 10 Nov 2003 20:43 EST):
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
I was in the process of cutting and pasting Belkin's message into a story submission earlier today when it changed, so I have the original text. The message earlier today read:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Now we have the more concise and conciliatory:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Don't forget that Friday is Hawaiian shirt day.
Here's an article about it from about 7 hrs ago.
Here's an article about their stupid response.
Here's the original Slashdot article.
evil adrian
So now we can pay for them to track our activities and send us advertisement. Reminds me of how initially having a logo on an article of clothing seemed insane... now we are walking billboards.
30% Troll, 50% Underrated, 10% Interesting
Score:5, Troll
I am in the market for a small home DSL router and now that Belkin is completely out of the running, what would you choose? I would love one with SNMP monitoring. I currently have an old LinkSys 4 port-er. 802.11g would be nice to have on it. Any suggestions?
Strange women lying in ponds distributing swords is no basis for a system of government.
"Feature"?... Dear lord. There must be some really, really fine crack going around in industry circles these days. Belkin sounds like they've taken a hit or two off the SCO crack pipe.
I wonder if they use their own products in-house. That would be a fitting punishment if it ever came down to a class-action suit.... Force Belkin to use their own products.
Bowie J. Poag
Every 8 hours you get redirected to a page saying "Sorry, we won't do it again. Promise."
I have a Belkin for my home. Upon setting up the equipment, the advert page was the first one I saw. I skipped it, but encountered it again about a (?) week later. That time I actually read it and realized I had to jump through a hoop to never see the page again. I can't imagine managing a computer lab and taking more than a day to notice the advert.
I honestly was surprised to see this issue posted on /. as a discussion topic. I accept it as the way companies act today, nothing unusual.
Yes, I was annoyed, but no more than from mandatory product registrations or e-mails I receive from e-tailers from whom I've bought something. In the grand scheme of things, I'm used to the abuse. Today's standard practice is to let the customer opt-out after the first annoying sales pitch.
"We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed."
Hmm.. hopefully this doesn't mean they're going to do something even more nefarious, like only hijack sessions going to the websites of parental control software manufacturers...
I look forward to seeing how they wind up handling the fix, and what they have to say about the patch when it's released. Hopefully Belkin has learned that this was an incredibly bad idea and will do the right thing. However, only time will tell this.
Of course, it still won't convince me to buy Belkin products again. Trust lost to abuse takes a long time to regain.
-Matt
Sorry if everyone's seen it already, just saw someone post it on another messageboard I read.
UserFriendly ad
I use an old Pentium computer as a Linux router for my cable modem; I was an early adopter of broadband, before these router devices were affordable.
I had considered switching over to one of these devices (I have periodic problems with the hard disk failing, and I am running out of small hard disk replacements for it :-( ), but after seeing this little stunt, no way. I won't trust any router that I can't program myself now. When my Packard Hell quits, I'm gonna just buy another old used computer and turn it into a Linux router. ;-)
I would strongly urge anyone else savvy with Linux or even *BSD administration to strongly consider this route. Belkin just proved that you can't trust anyone to route your data with a "black box" solution. OK, maybe not Cisco, but are you gonna fork over $10k for a home router?
(Yes I know Cisco just bought Linksys; I still won't trust 'em)
Trouble is, we buy products because it is good for us, not good for the manufacturer. They seem to have lost sight of it, although may have realised their mistake (or equally likely they haven't realised it, but it's just they dislike the bad publicity).
Either way, it speaks volumes of their corporate decision making. In my experience, corporate decision making is at best, of highly variable quality; managers try to come up with just slightly too clever schemes that try to raise profits at the (non financial) expense of the customer. These things add negative qualities to the product. Why would you ever want to do that?
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
Then, either Saturday or Sunday, they changed it to the far less likable one, which was much closer to Eric Deming's original reply in the usenet thread (which, oddly enough, was deleted from google groups). The problem is that it seemed more that they were trying to spin than acknowledge the problem. Methinks that they went back to the first version because they realized that they couldn't spin it at all.
Belkin has lost my business, until they very aggressively do something to FIX the problems of the internet.
All that backing off here is doing, is admitting that they pushed a bit too hard. Nobody can tell me that the goal of Belkin has changed, or is any different from VeriSign's. They want to manipulate the infrastructure of the internet. They want control over my computer, and how it works.
Fuck 'em. They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
It doesn't really tell us anything new, except that Belkin seems to be missing the point entirely, defending their "feature" and not mentioning anything about any upcoming firmware fixes.
Corporate behavior like this drives me insane. The personal labor cost to fix their defective product exceeds the price of the product. But I'm sure the EULA is careful to explain that the product is not necessarily useful for anything and Belkin is liable for nothing beyond the price of the product.
Two wrongs don't make a right, but three lefts do.
I went shopping for a laptop bag yesterday. I really liked this Belkin one I found, but decided not to buy it solely because of their little router spamming escapade. I won't buy Belkin products anymore.
The sooner hardware manufacturers realize that pulling stunts like this results in some sort of backlash which affects their bottom line, the better.
Need Free Juniper/NetScreen Support? JuniperForum
I accept it as the way companies act today, nothing unusual.
This is what is really bad, and why Belkin thought they could get away with this crap. We have become used to the abuse. We need to stand up and say, "I'm mad as hell, and I'm not gonna take it anymore!"
The incredibly onerous and annoying contracts that have become standard parts of software licenses are starting to creep out of the fine print of click-through EULA's that no one ever reads and into everyday life. I think hardware companies look enviously at software companies, with their "no responsibility for the company/no rights for the user" legal disclaimers. They are increasingly trying to get the same kind of weasely deals for themselves.
But actual physical products are a different animal, and you can't hide how you're screwing the customer behind an "agree" button. If EULA's weren't such confusing legalese, and people actually bothered to understand what they are actually "agreeing" to, I believe we'd all make a bigger stink about it. Fortunately, it's more obvious when physical items try to act like virtual ones.
Don't forget that Friday is Hawaiian shirt day.
From the parent post: "... average IQ of marketers
The average IQ of some marketers is less than zero. They are very intelligent in being destructive to their companies, meaning they have a high negative IQ. Deciding to include router hijacking is not something an ignorant person could do.
The router hijacking idea was a product of considerable creative thinking. And Belkin's router project manager Eric Deming made himself semi-famous on Slashdot. Not everyone could do that!
Think how this will look on Mr. Deming's resume, as he looks for a new job: "I significantly affected my company's profitability." This is honest because: (Truth in marketing) = - (Actual truth).
It's on Tools->Misc.
Right! I always make sure UPNP is disabled on every XP box I set up. I can't really see good reasons for the service to be there - and I recall people complaining about the security holes it created back when it was first released to the public.
I'm just a little bit surprised routers are actually making use of it now. I guess it's all about pressure put on them to make it easier for people to run special services from multiple computers (since NAT firewalls make you redirect traffic to one specific IP otherwise).
Ultimately, it's a matter of convenience vs. security, and to me, UPNP compromises too much security for "ease of use". It's like setting your home alarm system up with an easy to remember code like 1-2-3, for the sake of convenience.
In case you would like to apply for Mr. Deming's job, it's available. (Scroll down to "Marketing Manager"). Or, just write careers@belkin.com.
Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".
Following is my revised email sig, part of which is stolen from a +5 rated message from the last story. Keep the pressure on folks. As Microsoft has so clearly demonstrated, preventing further harm from one specific act is not enough to dissuade new and more creative despicable acts by malicious corporations. Companies must realize that it is not enough to say you're sorry (particularly when you have your fingers crossed behind your back). We don't let criminals who have malice aforethought get away with "I'm Sorry". We should not be any more lenient with malicious corporations.
Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
"I installed topdesk and it belkined my browser."
"VeriSign's SiteFinder belkined the .com and .net TLDs."
Belkin products are broken as designed. http://slashdot.org/article.pl?sid=03/11/07/17402
Belkin has recanted and claims they will issue a patch. Good. Now all they have to do for me to remove this .sig is to pay their penance. Backing down is not enough, I require satisfaction. May I suggest a $100,000 donation to the EFF?
Stop-Prism.org: Opt Out of Surveillance
And notice the phrase "during the installation process". Like they weren't doing something everybody does. What they aren't admitting to now is that it's not just during the installation process that they were spamming their customers.
Why is it whenever a company that thinks of itself as reputable sends spam (unasked for advertising messages) to someone they deny it is spam? 'We did not spam our users. We had a product we thought they would be interested in so we directed their attention to the product.' In other words, you spammed. Busted by your own admission.
I've used Belkin products in the past. Never again. Trust shattered. Blame the marketing person at your company who came up with this idea.
And, AFAICT, they're correct. It wasn't really spam and ``everyone on the internet'' that called it that were wrong. What everyone on the internet should have called it is ``a broken router'' which should have been recalled or replaced free of charge. Gosh, isn't it nice of them to offer a firmware fix. What happens when the fix isn't applied properly by the end-users? Well they're pretty much screwed as far as their internet access now aren't they? Belkin should do the right thing and ship everyone using one of these broken units a brand new router that properly routes.
Almost makes you wish for a certification process for any equipment that's connected to a public network. If it doesn't strictly adhere to IETF standards, it doesn't get connected. Just out of curiosity, what RFC specifies the manner by which a router is supposed to replace requests with preferred advertisers? Oh yah. The same one Verisign referred to when designing their SiteFinder atrocity.
CUR ALLOC 20195.....5804M
1) This is not software, nor did it need drivers to work. There should be no "No thanks" 'button'- period.
2) What if you're NOT using a browser for your applications? What if you're using SOAP or XML-RPC for something? In either of those cases, Belkin's little advert thing will BREAK things.
3) When I install software, I don't get ads about new products when I'm installing. This includes GAMES.
I don't care HOW you'd like to rationalize it- what Belkin did was way over the top stupid.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Dude. You're supposed to say that to THEM when you apply, not here. Granted - with dialog like that, I'm sure you're a shoo-in. You're speaking their language.
In AD 2003
War was beginning
Manager: What happen?
Sys Admin: Somebody set us up the router
User: We get page
Manager: What!
User: Main Monitor Turn On
Manager: Its you!
Belkin: How are you gentlemen?
Belkin: All your requests are belong to us
Belkin: You are on the way to destruction
Manager: What you say!!
Belkin: You have no chance to survive make your backup
Belkin: HA HA HA HA...
User: Boss!!
Manager: Take off every 'port'!!
Manager: You know what you doing
Manager: Move port
Manager: For great justice
I am Monkey, the Great Sage, equal of heaven!
The notion of going direct to their resellers, CompUSA, BestBuy, Apple, Gateway, etc. is a good one. And doing it at the Corporate level is the way to go.
Call the Corp. HQ and ask for the "Buyer/Merchandiser" for Hubs, Routers, whatever the hell your target reseller carries. Maybe you'll talk to the real-live human who buys Belkin's Spamware, and you can express your extreme unlikeliness to purchase the same. Can you spell "Excess Inventory?" I thought you could.
Failing finding a real human, e-mail the "Contact us" address AND the Investor Relations people in Finance. Same message. Same impact. If only a few thousand of us do it, BestBuy, Buy.com, CompUSA, etc., will roast Belkin over a slow fire.
After you're done telling me my job went overseas because I'm stupid, George, how about telling me: Where's Osama? Where
- but this issue is WAY over-hyped.
Wrong. When a precedent is set it is always a huge deal; hijacking HTTP requests for company-sponsored oh-yeah-I-guess-it-could-be-seen-as-an-ad spam breaks new ground. Lookit, people still cheer Chuck Yeager for breaking the sound barrier, Hank Aaron for his home runs, Armstrong for his one small step and we still jeer Robert Morris Jr.'s first Internet Worm, Amazon's One-Click patent, X10's pop-under ads (not the actual first, but many people's first in experience). Closer to home, you and everyone reading this remembers the first time they clicked a Slashdot troll's link to Goatse. Belkin will be remembered for bringing spam and censorship to the router long after others extend the breach further.
-- @rjamestaylor on Ello
The Belkin router had not only a non compliant routing algorithm, but it had also a backdoor. Remember, if you clicked on "No Thanks", then a flag INSIDE THE ROUTER would be modified to disallow the misbehavior. Namely CLICKING AN EXTERNAL WEBPAGE MODIFIED THE INSIDES OF YOUR ROUTER!!!!! Is Belkin fixing this security hole also?
Thank you.
:)
I just wish there was a more adequate explanation of UPnP in the manual. Here's a copy of it, taken directly from the manual:
"UPnP is short for Universal Plug and Play which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. The DI-604 is a UPnP enabled router and will only work with other UPnP devices/softwares. If you do not want to use the UPnP functionality, it can be disabled by selecting "Disabled"."
It should read:
"Leaving this stupid fucking feature on leaves you bent-over and spread-cheeked for when a piece of malicious software comes along and decides to block every damn port on our router. UPnP allows changes to be made without your knowledge OR consent--it allows any program to totally bypass user/admin authentication. As an added bonus, entries committed via this backdoor^H^H^H^H^H^H^H^H"feature" can't be removed without first factory-defaulting the whole goddamn router and rebooting it. Anyway, Microsoft wants us to put it here and leave it on by default. Click the box to disable it."
I think my explanation is much clearer, don't you?
Bowie J. Poag
Take a straw poll of Belkin Engineers, and you'll probably find that most of them also think that this was a stupid idea. I'm sure it's a Marketing decision - no real Engineer I know would sanction such a thing. I know that where I work we've had to do stupid things to keep Marketing happy - and it's always enjoyable when the shit comes back to hit the fan and Marketing takes it in face. This kind of Engineering sport is enjoyable
The other good thing is this: now that it's been so embarrassing for Belkin, we can be reasonably confident that no one else will repeat the idea. Any marketing person who wants to keep their job will make sure of this: delivering and supporting firmware upgrades is not cheap, nor is the loss of goodwill for your product.
Does anyone have time to tell whether any other Belkin products have similar bozo-features ? Or, can we watch Belkin in the next month or two to see whether any other firmware upgrades are released ?
Instant poll:
Who smoked the most crack in 2003?
(_) SCO
(_) Belkin
(_) Verisign
(_) CowboyNeal
(_) *A
(_) All of the above
Ceci n'est pas une signature
The stock photo on the Belkin front page is the same one that is used on PNCBank ATM Machines...
:)
I guess she gets around