NetGear Also Has Remote Access Wide Open
Glenn Fleishman writes "On the heels of Linksys's WRT54G problem of not allowing remote access to be disabled in certain cases and firmware, BugTraq published this report that NetGear's WG602 access point has a hidden password that provides remote and local administrative control. Unlike Linksys's, where turning the firewall on (which is on by default, but a researcher found new units in which it was off when taken out of the box), the NetGear hole cannot be disabled. The backdoor seems to have been created by the vendor that packaged the device for NetGear."
You can turn off the external web interface on those things, right? I guess that doesn't help if you're worried about crackers on your LAN but still, it may not be as bad as it sounds.
Undocumented = bad though.
I think everyone can agree that backdoor passwords are a BAD idea - makes one wonder what the internal policies are at these companies - and what happens when they do a source code audit after these are found and track down the programmers who put 'em in.
Hulk SMASH Celiac Disease
For example firewalls:
Question 1: How do you know the box firewall you bought is secure and has no backdoors?
Answer: normally you do not.
Question 2: Why do the majority of people buy those instead of making their own?
Answer: Because it is a lot more convenient.
So instead of spending time to build something, most people want to just get something that works and thus have to just trust the vendors, as they do not have the skill/time/inclination/will etc. to do it themselves.
routers look better all the time. At least you have some control over it....if you're a geek anyway.
Which ones of the consumer products are safe? I'm running a D-Link wireless right now. Yes, the encryption is on.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
These things usually sit behind a firewall, so you aren't in quite as bad shape as if it were offering its private parts to the general internet like the Linksys.
This isn't outsourcing in the sense that IBM outsources its programming and support staff. It's outsourcing in the sense that your Raleigh bicycle is actually a Giant with a Raleigh sticker on.
It isn't even really outsourcing in the sense that Dell outsources its video cards to ATI, its CPUs to Intel and its CD drives to LG, which is all perfectly legitimate. Would you really expect Dell to make its CPUs and capacitors?
You buy stuff and market it.
z-com is the actual manufacturer and they sell their products to marketers. Netgear just buys the stuff and resells it.
Just like you could go to z-com and have them slap some stickers on stuff for you to resell. Or Giant. Or whoever makes Levis and Calvin Klein jeans in China. Or. .
This isn't about "outsourcing." This is about a marketing firm getting stuck with some bad product.
KFG