Slashdot Mirror
Belkin To Offer Firmware Fix For Router Hijacking
L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming.
Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."
Although they remove this feature, what other 'usage statistics'-logging-features are silently embedded?
My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?
It's a good bet from the manufacturers that the device will be online all the time.
Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?
henc
...It involves a hatchet.
Seriously, Belkin's response to this has been utterly abysmal. First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.
They've lost a great deal of trust that they will never regain.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
"Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you."
If anyone has the testy version, post that too! I'm curious.
evil adrian
Kharma whoring for fun and profit....
cache here (as of 10 Nov 2003 20:43 EST):
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
I was in the process of cutting and pasting Belkin's message into a story submission earlier today when it changed, so I have the original text. The message earlier today read:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Now we have the more concise and concilliatory
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet
but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Don't forget that Friday is Hawaiian shirt day.
Here's an article about it from about 7 hrs ago.
Here's an article about their stupid response.
Here's the original Slashdot article.
evil adrian
Every 8 hours you get redirected to a page saying "Sorry, we won't do it again. Promise."
Sorry if everyone's seen it already, just saw someone post it on another messageboard I read.
UserFriendly ad
I use an old Pentium computer as a Linux router for my cable modem; I was an early adopter of broadband, before these router devices were affordable.
:-( ), but after seeing this little stunt, no way. I won't trust any router that I can't program myself now. When my Packard Hell quits, I'm gonna just buy another old used computer and turn it into a Linux router.
;-)
I had considered switching over to one of these devices (I have periodic problems with the hard disk failing, and I am running out of small hard disk replacements for it
I would strongly urge anyone else savvy with Linux or even *BSD administration to strongly consider this route. Belkin just proved that you can't trust anyone to route your data with a "black box" solution. OK, maybe not Cisco, but are you gonna fork over $10k for a home router?
(Yes I know Cisco just bought Linksys; I still won't trust 'em)
Trouble is, we buy products because it is good for us, not good for the manufacturer. They seem to have lost sight of it, although may have realised their mistake (or equally likely they haven't realised it, but it's just they dislike the bad publicity).
Either way, it speaks volumes of their corporate decision making. In my experience, corporate decision making is at best, of highly variable quality; managers try to come up with just slightly too clever schemes that try to raise profits at the (non financial) expense of the customer. These things add negative qualities to the product. Why would you ever want to do that?
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"The problem is, you do accept it so willingly. You shouldn't have to deal with this. Nobody should have to.
Advertising shouldn't be on a product that is paid for. The router should do only one thing: route packets. Anything else, if it drops packets, rewrites packets (which it does), etc, then it doesn't work properly, and a complaint to Belkin is in order, along with a request for an RMA#. If the router is designed not to work properly (as it seems), then we need to file a report with the FTC.
Belkin has lost my business, until they very aggressively do something to FIX the problems of the internet.
All that backing off here is doing, is admitting that they pushed a bit too hard. Nobody can tell me that the goal of Belkin has changed, or is any different from VeriSign's. They want to manipulate the infrastructure of the internet. They want control over my computer, and how it works.
Fuck 'em. They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Corporate behavior like this drives me insane. The personal labor cost to fix their defective product exceeds the price of the product. But I'm sure the EULA is careful to explain that the product is not necessarily useful for anything and Belkin is liable for nothing beyond the price of the product.
Two wrongs don't make a right, but three lefts do.
I accept it as the way companies act today, nothing unusual.
This is what is really bad, and why Belkin thought they could get away with this crap. We have become used to the abuse. We need to stand up and say, "I'm mad as hell, and I'm not gonna take it anymore!"
The incredibly onerous and annoying contracts that have become standard parts of software licenses are starting to creep out of the fine print of click-through EULA's that no one ever reads and into everyday life. I think hardware companies look enviously at software companies, with their "no responsiblity for the company/no rights for the user" legal disclaimers. They are increasingly trying to get the same kind of weasely deals for themselves.
But actual physical products are a different animal, and you can't hide how you're screwing the customer behind an "agree" button. If EULA's weren't such confusing legalese, and people actually bothered to understand what they are actually "agreeing" to, I believe we'd all make a bigger stink about it. Fortunately, it's more obvious when physical items try to act like virtual ones.
Don't forget that Friday is Hawaiian shirt day.
Hey, not to rise to Belken's defense (because I'm not too hip on their products.... got a dead USB hub from them once... and a dead USB add-on card a week later, both RMA'ed and replaced thou, but still...), but does anybody seriously think this was an intentional stunt?
More likely then not, this was the brainchild of some idiot in marketing, who will probably lose his job over it. One of those ideas that looks great on paper and blows up in your face when released to the world. It's happened to all of us at one point or another (though probably not to this scale).
Now that doesn't excuse the initial statement on the website defending the feature. But again, that was probably the brainchild of some idiot in PR saying "We can't admit we made a mistake". Fortunately, it seems that smarter heads prevailed in this case.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
In case you would like to apply for Mr. Deming's job, it's available. (Scroll down to "Marketing Manager"). Or, just write careers@belkin.com.
Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".
1) This is not software, nor did it need drivers to work. There should be no "No thanks" 'button'- period.
2) What if you're NOT using a browser for your applications? What if you're using SOAP or XML-RPC for something? In either of those cases, Belkin's little advert thing will BREAK things.
3) When I install software, I don't get ads about new products when I'm installing. This includes GAMES.
I don't care HOW you'd like to rationalize it- what Belkin did was way over the top stupid.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
In AD 2003
War was beginning
Manager: What happen?
Sys Admin: Somebody set us up the router
User: We get page
Manager: What!
User: Main Monitor Turn On
Manager: Its you!
Belkin: How are you gentlemen?
Belkin: All your requests are belong to us
Belkin: You are on the way to destruction
Manager: What you say!!
Belkin: You have no chance to survive make your backup
Belkin: HA HA HA HA...
User: Boss!!
Manager: Take off every 'port'!!
Manager: You know what you doing
Manager: Move port
Manager: For great justice
I am Monkey, the Great Sage, equal of heaven!
- but this issue is WAY over-hyped.
Wrong. When a precedent is set it is always a huge deal; hijaaking HTTP requests for company-sponsored oh-yeah-I-guess-it-could-be-seen-as-an-ad spam breaks new ground. Lookit, people still cheer Chuck Yeager for breaking the sound barrier, Hank Aaron for his home runs, Armstrong for his one small step and we still jeer Robert Morris Jr.'s first Internet Worm, Amazon's One-Click patent, X10's pop-under ads (not the actual first, but many people's first in experience). Closer to home, you and everyone reading this remembers the first time they clicked a Slashdot troll's link to Goatse. Belkin will be remembered for bringing spam and censorship to the router long after others extend the breach further.-- @rjamestaylor on Ello
The Belkin router had not only a non compliant routing algorithm, but it had also a backdoor. Remember, if you clicked on "No Thanks", then a flag INSIDE THE ROUTER would be modified to disallow the misbehavior. Namely CLICKING AN EXTERNAL WEBPAGE MODIFIED THE INSIDES OF YOUR ROUTER!!!!! Is Belkin fixing this security hole also?
Thank you.
:)
I just wish there was a more adequate explanation of UPnP in the manual. Here's a copy of it, taken directly from the manual:
"UPnP is short for Universal Plug and Play which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. The DI-604 is a UPnP enabled router and will only work with other UPnP devices/softwares. If you do not want to use the UPnP functionality, it can be disabled by selecting "Disabled".
It should read:
"Leaving this stupid fucking feature on leaves you bent-over and spread-cheeked for when a piece of malicious software comes along decides block every damn port on our router. UPnP allows changes to be made without your knowledge OR consent--it allows any program to totally bypass user/admin authentication. As an added bonus, entries commited via this backdoor^H^H^H^H^H^H^H^H"feature" cant' be removed without first factory-defaulting the whole goddamn router and rebooting it. Anyway, Microsoft wants us to put it here and leave it on by default. Click the box to disable it."
I think my explanation is much clearer, don't you?
Bowie J. Poag
Instant poll:
Who smoked the most crack in 2003?
(_) SCO
(_) Belkin
(_) Verisign
(_) CowboyNeal
(_) *A
(_) All of the above
Ceci n'est pas une signature