D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection

chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-link DIR-655 router to the latest firmware you'll see that D-link does this, and calls the hijacking a 'feature.'"

Re:Slashdot Editors, Do Some Editing

[Knara]

1) I wouldn't call "WITHOUT SecureSpot 2.0" in plain view. It's not like SecureSpot means anything to me. It has the name Secure so it sounds like something I would want. Now if they named it KickInTheBalls 2.0 or maybe SlapInTheFace 3.2 I would know to avoid it. SecureSpot means nothing to me.

If I'm updating a piece of hardware's firmware, and there's an alternative download that is prominently displayed right next to the link that says "without ", I'm going to wonder what it is and check it out. If you don't have that sort of curiosity, you're in for some pain later down the line.

2) Upgrading firmware on a firewall/router why? Are you kidding me? You're going to be-little people who pro-actively secure their main entry point to the outside world. From now on you should lose your Slashdot posting privs.

Again, this is not "I saw that there were vulnerabilities and so I updated." This was, "Well, I saw that the version number was higher, and higher is better, so I did it!" That sort of blind upgrade practice is dangerous because it can lead to surprises (as it did here, which was thankfully innocuous).