Slashdot Mirror


Netgear's Amusing "fix" for WG602v1 Backdoor

An anonymous reader writes "Recently Slashdot reported that the Netgear router has a WLAN backdoor. According to this report by the news service of the German publisher Heise, Netgear "fixed" the problem with a firmware update. And what is the fix? According to Heise, they didn't remove the backdoor at all. Instead they just changed the login information! They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'."

25 of 515 comments

  1. Oops... by danielrm26 · · Score: 5, Funny

    Chalk up another loss for 'security by obscurity'.

    --
    dmiessler.com -- grep understanding knowledge
    1. Re:Oops... by Petrol · · Score: 4, Funny

      What's the second rule?

      --
      ...and that's the end of our show. Donk!
    2. Re:Oops... by AndroidCat · · Score: 5, Funny

      If someone war-chalks it up, it won't be obscure for long. What is the symbol for "lame gateway security"?

      --
      One line blog. I hear that they're called Twitters now.
    3. Re:Oops... by djansen · · Score: 5, Funny

      Well, it IS an improvement. The increase from 5 characters for the login to 8 now makes it SO much harder to crack. What was the old password? Someone do the math and figure out the number of new permutations they've added. Ha. I bet this is how the guy who did it justified the whole thing.

      "What da ya mean? It's MUCH more secure than it was before."

      Doh.

    4. Re:Oops... by NickFortune · · Score: 4, Funny
      In future I will purchase products from other companies since theirs do not address my needs at this time.

      I feel better for that...

      --
      Don't let THEM immanentize the Eschaton!
    5. Re:Oops... by D-Cypell · · Score: 4, Funny

      Well... if there is one thing that can be said of slashdot... we certainly know how to fix that pesky 'obscurity' problem ;o)

    6. Re:Oops... by worst_name_ever · · Score: 4, Funny
      What's the second rule?

      I don't know, but I know Rule 8: If this is your first login, you have to change your password.

      --

      In Soviet Rush, today's Tom Sawyer gets high on you.
    7. Re:Oops... by Fjord · · Score: 5, Funny

      The first rule of passwords is that you do not talk about your passwords.
      The second rule of passwords is that you do not talk about your passwords.
      The third rule is if someone uses "password" or nothing, there is no password.
      The fourth rule is only one person to a password.
      The fifth rule is one password at a time.
      The sixth rule is no sheets, no stickies.
      The seventh rule is password will be expired when they have to

      and the final rule of passwords is, if it's your first logon, you have to set one.

      --
      -no broken link
    8. Re:Oops... by chrispl · · Score: 4, Funny

      Be realistic, if the box DID have a sticker saying "Router WG602 - Now With Even More Backdoors!" most Joe-BestBuy-Consumers would flip it over and look for little doors on the back of it.

      Face it, until there is a major disaster involving IT security most of this type of information will remain the exclusive domain of security geeks and haxors.

      --
      What post? The one you're carrying inside your rusty innards!
    9. Re:Oops... by Janek+Kozicki · · Score: 4, Funny

      one password to rule them all,
      one password to find them,
      one password to bring them all
      and in the darkness bind them

      oh wait... shouldn't people use more than one password?

      --
      #
      #\ @ ? Colonize Mars
      #
    10. Re:Oops... by bellers · · Score: 3, Funny

      >>What is the symbol for "lame gateway security"?

      Last time I checked, it was a flag that sort of looked like a window...

      --
      This space for rent.
  2. Nice fix. by SpyPlane · · Score: 5, Funny

    That would be like "fixing" Windows 95 with Windows ME.

    --
    "We need a fourth law of Robotics: Stop Fingering My Wife"
  3. I wonder... by barcodez · · Score: 4, Funny

    I thought the last article said changing passwords was a good idea! Make your minds up.

    I jest of course.

    --

    ----
    1. Re:I wonder... by FearTheFrail · · Score: 5, Funny

      But it takes numbers + characters to make -strong- passwords. So the next logical step:

      Login: Theyllneverguess
      Password: cuzimso1337

      --
      ___ In the words of Gen. Douglas MacArthur: "I'll be right back."
    2. Re:I wonder... by Anonymous Coward · · Score: 3, Funny
      Wow, I'm so glad you cleared that up for us...

      +1 INFORMATIVE!!

  4. Superman!! by Claire-plus-plus · · Score: 5, Funny

    Well at least sys-admins and network engineers can finally use the login name they think they deserve.

    --
    99 bottles of beer in 175 characte
  5. Now you did it! by saddino · · Score: 4, Funny

    They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'. "

    And thanks to Slashdot, thus begins an endless stream of firmware updates; every time Netgear "fixes" their problem, I'm sure an article here will put the cycle in motion again. Let's see, who wants to guess what they change the password to next?

    "superduperman", anyone?

  6. Re:At least ... by bje2 · · Score: 5, Funny

    That's amazing. I've got the same combination on my luggage.

    --

    "Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson
  7. Re:Not funny at all by Dutchmaan · · Score: 5, Funny

    This just isn't the way a responsible company behaves.

    responsible company

    Trying to put these two words together is like trying to touch two magnet ends with the same polarity.

  8. 21241036 - For Backdoor Network Access, Call Jenny by Compulawyer · · Score: 4, Funny

    The new password is apparently someone's PHONE NUMBER in Germany! No idea whose, but I gleaned this tidbit by getting a Babelfish translation of the page (orig, in German). For those in the US - Is this the networking equivalent of calling Jenny? (867-5309)

    --

    Laws affecting technology will always be bad until enough techies become lawyers.

  9. What really happened.. by flux · · Score: 3, Funny

    ..is that they lost the source, and all they could do was to binary patch the firmware image.

    Sad, but true ;-(.

    (or not)

  10. In other news by jamonterrell · · Score: 3, Funny

    Netgear has posted a whopping 1300 firmware design jobs on monster.com!

    --
    I can count to 1023 on my hands. Ask me about #132.
  11. In other news by Genevish · · Score: 3, Funny

    In a related story, Netgear has announced the formation of a new security division, formed with ex-Microsoft employees...

  12. Re:Bad Idea by Aumaden · · Score: 4, Funny
    In this case it's more like:

    "Oh, the white airbags don't work? Here, let me paint it blue."

  13. Grumpy old man (offtopic) by cgenman · · Score: 3, Funny

    In my day, the grease-on ben-tra ran like grease on a pan - that had been burned in place and left there for weeks. Our grease-on ben-tra had a zero to sixty time of sixty seconds, and couldn't steer without rattling like the bones of Buddy Holly. Fuel efficiency? That thing drank like an ex army sergeant. And it broke down more often than Tammy Faye. Oftentimes we would be driving it to the shop, and it would break down again on the way. You'd hook it up to the tow truck because of a broken front wheel and the rear axle would crack. Load it on the back, and the bumper would fall off. That thing wasn't a deathtrap: deathtraps have moving parts.

    Hope you like it. Have fun with your car!

    (note: it was an '86. I've heard they have gotten better.)