Slashdot Mirror


Netgear's Amusing "fix" for WG602v1 Backdoor

An anonymous reader writes "Recently Slashdot reported that the Netgear router has a WLAN backdoor. According to this report by the news service of the German publisher Heise, Netgear "fixed" the problem with a firmware update. And what is the fix? According to Heise, they didn't remove the backdoor at all. Instead they just changed the login information! They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'."

54 of 515 comments

  1. Oops... by danielrm26 · · Score: 5, Funny

    Chalk up another loss for 'security by obscurity'.

    --
    dmiessler.com -- grep understanding knowledge
    1. Re:Oops... by Petrol · · Score: 4, Funny

      What's the second rule?

      --
      ...and that's the end of our show. Donk!
    2. Re:Oops... by Anonymous Coward · · Score: 2, Funny

      Second rule: See first rule.

    3. Re:Oops... by AndroidCat · · Score: 5, Funny

      If someone war-chalks it up, it won't be obscure for long. What is the symbol for "lame gateway security"?

      --
      One line blog. I hear that they're called Twitters now.
    4. Re:Oops... by djansen · · Score: 5, Funny

      Well, it IS an improvement. The increase from 5 characters for the login to 8 now makes it SO much harder to crack. What was the old password? Someone do the math and figure out the number of new permutations they've added. Ha. I bet this is how the guy who did it justified the whole thing.

      "What da ya mean? It's MUCH more secure than it was before."

      Doh.

    5. Re:Oops... by Anonymous Coward · · Score: 2, Funny

      What is the symbol for "lame gateway security"?

      This, obviously.

    6. Re:Oops... by NickFortune · · Score: 4, Funny
      In future I will purchase products from other companies since theirs do not address my needs at this time.

      I feel better for that...

      --
      Don't let THEM immanentize the Eschaton!
    7. Re:Oops... by D-Cypell · · Score: 4, Funny

      Well... if there is one thing that can be said of slashdot... we certainly know how to fix that pesky 'obscurity' problem ;o)

    8. Re:Oops... by chegosaurus · · Score: 2, Funny

      Don't choose "password".

    9. Re:Oops... by Anonymous Coward · · Score: 2, Funny

      If they drove a Toyota, they wouldn't be my friends.

    10. Re:Oops... by worst_name_ever · · Score: 4, Funny
      What's the second rule?

      I don't know, but I know Rule 8: If this is your first login, you have to change your password.

      --

      In Soviet Rush, today's Tom Sawyer gets high on you.
    11. Re:Oops... by Anonymous Coward · · Score: 1, Funny

      Can I change it to "password"?

    12. Re:Oops... by Fjord · · Score: 5, Funny

      The first rule of passwords is that you do not talk about your passwords.
      The second rule of passwords is that you do not talk about your passwords.
      The third rule is if someone uses "password" or nothing, there is no password.
      The fourth rule is only one person to a password.
      The fifth rule is one password at a time.
      The sixth rule is no sheets, no stickies.
      The seventh rule is password will be expired when they have to

      and the final rule of passwords is, if it's your first logon, you have to set one.

      --
      -no broken link
    13. Re:Oops... by chrispl · · Score: 4, Funny

      Be realistic, if the box DID have a sticker saying "Router WG602 - Now With Even More Backdoors!" most Joe-BestBuy-Consumers would flip it over and look for little doors on the back of it.

      Face it, until there is a major disaster involving IT security most of this type of information will remain the exclusive domain of security geeks and haxors.

      --
      What post? The one you're carrying inside your rusty innards!
    14. Re:Oops... by Oliver+Wendell+Jones · · Score: 2, Funny

      Rule 2 - No Pooftahs

      --
      A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
    15. Re:Oops... by raulzero · · Score: 2, Funny

      Don't know about the second rule... Third rule: Profit.

    16. Re:Oops... by Janek+Kozicki · · Score: 4, Funny

      one password to rule them all,
      one password to find them,
      one password to bring them all
      and in the darkness bind them

      oh wait... shouldn't people use more than one password?

      --
      #
      #\ @ ? Colonize Mars
      #
    17. Re:Oops... by Anonymous Coward · · Score: 1, Funny

      No, the average user can just find some expert that can do that, and offer them a blowjob for it.

    18. Re:Oops... by PetoskeyGuy · · Score: 2, Funny

      (NG)
      super

      -or-

      (NG)
      superman

    19. Re:Oops... by fallen1 · · Score: 2, Funny
      What is the symbol for "lame gateway security"?

      I think that is the middle finger extended while all other fingers are retracted. Usually used by large corporations towards small consumers when said consumers find out the product they have purchased is shit and have complained to said large corporation... but I guess it'll work just as well in this case. ;-)

      --

      Dream as if you'll live forever.
      Live as if you'll die tomorrow.
      ~Anonymous~

    20. Re:Oops... by coldguy · · Score: 2, Funny

      if anyone needs their router fixed, let me know.

    21. Re:Oops... by pyrrhonist · · Score: 2, Funny
      Third rule of passwords is: DON'T use your pet's name as password.

      No way! I always use my cat's name, "qx5Rt8klV95fgEr5", as a password. Of course, I change her name every month.

      --
      Show me on the doll where his noodly appendage touched you.
    22. Re:Oops... by bellers · · Score: 3, Funny

      >>What is the symbol for "lame gateway security"?

      Last time I checked, it was a flag that sort of looked like a window...

      --
      This space for rent.
  2. Nice fix. by SpyPlane · · Score: 5, Funny

    That would be like "fixing" Windows 95 with Windows ME.

    --
    "We need a fourth law of Robotics: Stop Fingering My Wife"
  3. I wonder... by barcodez · · Score: 4, Funny

    I thought the last article said changing passwords was a good idea! Make your minds up.

    I jest of course.

    --

    ----
    1. Re:I wonder... by FearTheFrail · · Score: 5, Funny

      But it takes numbers + characters to make -strong- passwords. So the next logical step:

      Login: Theyllneverguess
      Password: cuzimso1337

      --
      ___ In the words of Gen. Douglas McArthur: "I'll be right back."
    2. Re:I wonder... by Anonymous Coward · · Score: 3, Funny
      Wow, I'm so glad you cleared that up for us...

      +1 INFORMATIVE!!

  4. Superman!! by Claire-plus-plus · · Score: 5, Funny

    Well at least sys-admins and network engineers can finally use the login name they think they deserve.

    --
    99 bottles of beer in 175 characte
  5. Re:noo! by frs_rbl · · Score: 1, Funny
    the Gerät to the Händler zurückzubringen and the purchase price zurückzufordern

    But if they Händler zurückzubringen, and the purchase price zurückzufordern... we are DOOMED!

    --
    This is not my opinion. Actually, it's not even an opinion. And I'm nowhere to be seen near it
  6. Now you did it! by saddino · · Score: 4, Funny

    They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'. "

    And thanks to Slashdot, thus begins an endless stream of firmware updates; every time Netgear "fixes" their problem, I'm sure an article here will put the cycle in motion again. Let's see, who wants to guess what they change the password to next?

    "superduperman", anyone?

  7. At least ... by supergiovane · · Score: 1, Funny

    ... the password is not 12345.

    --
    Signatures are for stupids.
    1. Re:At least ... by bje2 · · Score: 5, Funny

      That's amazing. I've got the same combination on my luggage.

      --

      "Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson
  8. I can just hear the techs now by ptelligence · · Score: 2, Funny

    This looks like a job for.......SUPERMAN!

  9. Re:anon to not karma whore by frs_rbl · · Score: 1, Funny
    If there is something worse than a karma whore, that is an anonymous karma whore...

    disgusting

    --
    This is not my opinion. Actually, it's not even an opinion. And I'm nowhere to be seen near it
  10. APPARENTLY they like it.... by Anonymous Coward · · Score: 0, Funny

    IN THE BACK DOOR....lol someone had to say it...

  11. Super-Secure by Apocalypse111 · · Score: 2, Funny

    A backdoor? We're insecure? This looks like a job for... a random number generator!

    --
    There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
  12. Re:babelfish by Anonymous Coward · · Score: 1, Funny

    Does anyone have a translation for those of us who can't read babelfish?

  13. Re:Not funny at all by Dutchmaan · · Score: 5, Funny

    This just isn't the way a responsible company behaves.

    responsible company

    Trying to put these two words together is like trying to touch two magnet ends with the same polarity.

  14. This is a good fix by razmaspaz · · Score: 2, Funny

    Now the hacker has to figure out which version of the firmware one is running in order to crack the password. And they can't figure that out without logging in. So everyone is safe now.

    :-)

    --
    I tried for 5 years to come up with a clever sig...only to realize that I am not clever.
  15. Re:anon to not karma whore by chris_mahan · · Score: 2, Funny

    I for one like my whores anonymous. It keeps things simpler...

    Oh, what exactly are we talking about again?

    --

    "Piter, too, is dead."

  16. Re:A joke surely? by N3Z · · Score: 2, Funny

    Those Netgear bozos really seem to be dumber than my cigar cutter.

    And not nearly as sharp!

    --
    .signature not found
  17. 21241036 - For Backdoor Network Access, Call Jenny by Compulawyer · · Score: 4, Funny

    The new password is apparently someone's PHONE NUMBER in Germany! No idea whose, but I gleaned this tidbit by getting a Babelfish translation of the page (orig, in German). For those in the US - Is this the networking equivalent of calling Jenny? (867-5309)

    --

    Laws affecting technology will always be bad until enough techies become lawyers.

  18. What really happened.. by flux · · Score: 3, Funny

    ..is that they lost the source, and all they could do was to binary patch the firmware image.

    Sad, but true ;-(.

    (or not)

  19. Re:Obligatory Spaceballs reference by Anonymous Coward · · Score: 1, Funny

    Remember me to change the password of my briefcase.

    Must be the subtitles from the Korean bootleg version.

  20. Press release like in the dot-com boom... by rice_burners_suck · · Score: 2, Funny
    For immediate release. June 8, 2004. Netgear (NASDAQ: BLAH) today announced immediate release of new technology designed to eliminate enterprise security threats by thwarting hackers. By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

    The technology, which allows anyone to access enterprise networks when they enter 'superman' for the username and '21241036' for the password, frees enterprises from worrying about security issues and allows IT managers to focus on implementing talking paperclips on enterprise desktops. "We are excited about the new technology," commented Steve Hjarkblonka in an interview. "For the first time since the invention of computers, the threat of security intrusions has been completely eliminated. Enterprises can now enjoy 100% unbreakable security."

    Geoff Nikreny, chief security officer with Endostar Inc, calls the secure-by-default approach, in which once-vulnerable features are patched, a "mistake" that will lead to deployment confusion. But he doesn't know what he's talking about anyway. So for 100% unbreakable security, buy Netgear.

    Offer good while supplies last.

  21. In other news by jamonterrell · · Score: 3, Funny

    Netgear has posted a whopping 1300 firmware design jobs on monster.com!

    --
    I can count to 1023 on my hands. Ask me about #132.
    1. Re:In other news by Phurd+Phlegm · · Score: 2, Funny
      Netgear has posted a whopping 1300 firmware design jobs on monster.com!
      Oops--that was just their monster.com password. Sorry for any confusion that might have resulted.
  22. Following orders literally, perhaps? by Anonymous Coward · · Score: 1, Funny
    Hm. J. Random Maintenance Engineer hands in a good-faith estimate of the cost of fixing this backdoor properly to the massed PHBs only to be told it's too expensive and asked for an alternative:

    "Well, I suppose we could just change the username and password..."

    "DO IT!"

    "If you say so, sir"

    Pure speculation, of course.

  23. The real question is... by MattGWU · · Score: 2, Funny

    ...how many times did they use the generator before settling on the number to use? Nobody in the history of the world has been satisfied by the FIRST random number generated!

    "No....no...no...maybe if it had a '7'. AH! Bingo!" -- Netgear Security Engineer

    --
    "These people look deep within my soul and assign me a number based on the order in which I joined" --Homer re:
  24. Foucault’s Pendulum by spoonyfork · · Score: 2, Funny
    > Do you have the password?
    > no
    Welcome to Abulafia!
    --
    Speak truth to power.
  25. In other news by Genevish · · Score: 3, Funny

    In a related story, Netgear has announced the formation of a new security division, formed with ex-Microsoft employees...

  26. Wonder what DC has to say... by Dave21212 · · Score: 2, Funny


    I wonder what DC Comics (and the other owners?) have to say about NetGear using their copyrighted character in a commercial product?

    --
    "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
  27. Re:Bad Idea by Aumaden · · Score: 4, Funny
    In this case it's more like:

    "Oh, the white airbags don't work? Here, let me paint it blue."

  28. Grumpy old man (offtopic) by cgenman · · Score: 3, Funny

    In my day, the grease-on ben-tra ran like grease on a pan - that had been burned in place and left there for weeks. Our grease-on ben-tra had a zero to sixty time of sixty seconds, and couldn't steer without rattling like the bones of Buddy Holly. Fuel efficiency? That thing drank like an ex army sergeant. And it broke down more often than Tammy Faye. Often times we would be driving it to the shop, and it would break down again on the way. You'd hook it up to the tow truck because of a broken front wheel and the rear axle would crack. Load it on the back, and the bumper would fall off. That thing wasn't a deathtrap: deathtraps have moving parts.

    Hope you like it. Have fun with your car!

    (note: it was an '86. I've heard they have gotten better.)