Slashdot Mirror


Netgear's Amusing "fix" for WG602v1 Backdoor

An anonymous reader writes "Recently Slashdot reported that the Netgear router has a WLAN backdoor. According to this report by the news service of the German publisher Heise, Netgear "fixed" the problem with a firmware update. And what is the fix? According to Heise, they didn't remove the backdoor at all. Instead they just changed the login information! They replaced the old user name 'super' with 'superman', and changed the old password to '21241036'."

12 of 515 comments

  1. I would say this qualifies more as ... by burgburgburg · · Score: 4, Insightful
    "security through stupidity".

    But that's just me.

  2. Re:Oops... by isthisthingon · · Score: 5, Insightful

    Why are companies allowed to get away with this crap just because we pay them for their shoddy wares?

    Any open source coder would be summarily flogged for such a transgression. Why on EARTH is this not literally considered a criminal offense for a company to do?

    And I for one used to hold Netgear in reasonably high regard, too.

    Never again.

    --
    And then one day you find, ten years have gone behind you....
  3. Very sad by Sandman1971 · · Score: 4, Insightful

    Now this is very sad. How can any semi-reputable company call changing the admin username and password for a major security hole a fix? Especially since they should have realized this new username/password would hit the net faster than Homer at an all you can eat buffet.

    Since these things have built-in firewalls, wouldn't the fix just include a user-invisible firewall rule preventing access to the router on whatever the admin port is (80, 8080, etc.)? Seems like a fairly simple fix to me.

    Thanks Netgear! You've just assured that I'll never buy one of your products!

    --
    It's better to burn out than to fade away
  4. Re:A joke surely? by CaptainZapp · · Score: 5, Insightful
    I wish it was true.

    Unfortunately Heise (publisher of c't and iX) is probably the most clueful German publishing house when it comes to technology.

    Those Netgear bozos really seem to be dumber than my cigar cutter.

    The other explanation is that the equipment has such a fundamental design flaw that it can't be fixed at all. But then they act damn unresponsible.

    Then again: Thanks to such blunders I know what equipment not to buy.

    --
    I am the musician
    with a pocket calculator in my hand
    kraftwerk

  5. Re:Oops... by chris_mahan · · Score: 5, Insightful

    >Why are companies allowed to get away with this crap just because we pay them for their shoddy wares?

    The answer lies within the question: Because we pay them.

    If someone paid you to paint a building and didn't care whether you stripped off the old paint first, I guarantee you you would just slap a coat over the old paint.

    >And I for one used to hold Netgear in reasonably high regard, too.

    Your mistake, then.

    >Never again.

    You should not say never if you want to reach them. This just makes the company execs think that since they can never reach you as a customer again, they won't make the effort. What you should say instead is: "I will purchase products from other companies since theirs do not address my needs at this time."

    This is reasonable to them, and they won't discount you as a hot-head but rather may take your advice.

    Just my .016 euro

    --

    "Piter, too, is dead."

  6. Re:Oops... by timeOday · · Score: 4, Insightful
    >Why are companies allowed to get away with this crap just because we pay them for their shoddy wares?

    >The answer lies within the question: Because we pay them.

    Don't blame this on consumers. We don't have real choice until we have the relevant information. Things might be quite different with a bit of truth in advertising, like a sticker on the box which reads "Router WG602 - Now With Even More Backdoors!"

    The question of "why are companies allowed to get away with this crap" is a good one. They should either be forced to tell people what they're buying, or be accountable for the consequences of deception.

  7. Here's why they didn't remove it by Anonymous Coward · · Score: 5, Insightful
    Yes, you're asking yourself "why didn't they just remove it, instead of changing it? Why was it there in the first place?"

    Well, it seems pretty obvious to me... it's supposed to be there.

    This shows that it was Netgear's intention to purposely put back doors into the product. The reason "why" is not really evident. I can leave that up to the tinfoil hat crowd.

  8. blimey by doofusclam · · Score: 5, Insightful

    That's crap. There may be a multitude of reasons why they couldn't remove the backdoor (no access to source code, the guy who wrote it was on holiday, whatever...) but they could have at least changed the password with a hex editor to something that was difficult to type from a keyboard, low-ASCII values for example.

  9. Re:Oops... by gfxguy · · Score: 5, Insightful

    Your last line says it all - they should be held accountable. If it's advertised as being secure, and a backdoor is found, they should have to buy back every single unit or replace every single unit with a working one.

    If anyone has been damaged by the availability of the back door they should be held liable even if they claim you waive that right in their license agreement (their license agreement does not state there may be the possibility of back doors, no?)

    If you claim something is secure, but that you can't prevent all future attacks so you can't be liable, that's one thing, but when the liability is clearly your fault, it's another.

    --
    Stupid sexy Flanders.
  10. Re:A joke surely? by pongo000 · · Score: 4, Insightful

    >Then again: Thanks to such blunders I know what equipment not to buy.

    The fundamental problem here is that we're running out of vendors! Linksys and Belkin are on the shitlist; now NetGear. Who, exactly, does that leave for consumer-grade networking equipment? I don't know about where you live, but where I live, these are about the only three vendors that show up on the computer store shelves (well, there are some cheapo brands, but they suffer even worse quality control problems).

  11. Re:Oops... by R.Caley · · Score: 4, Insightful
    >Why are companies allowed to get away with this crap just because we pay them for their shoddy wares?

    You answered your own question. If everyone who owns one of these took it back and demanded their money back because it is not suitable for the purpose for which it was sold, they'd soon get the message.

    >Why on EARTH is this not literally considered a criminal offense for a company to do?

    Because the civil courts are there to cope with this kind of thing?

    --
    _O_
    .|<
    The named which can be named is not the true named
  12. Re:Not funny at all by Grishnakh · · Score: 4, Insightful

    >This is BS. There are many responsible companies. Unfortunately they usually don't become big because being responsible usually means that they have to have higher prices.

    No, there aren't many responsible companies at all, and your post illustrates why. They have higher prices, less effective marketing (because they don't lie like their irresponsible competition), don't get ahead because they don't do unethical backroom deals, etc., so in the end they just go belly-up, and all the irresponsible companies get bigger.