D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection
chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-Link DIR-655 router to the latest firmware you'll see that D-Link does this, and calls the hijacking a 'feature.'"
there's a separate link at their firmware download page for the DIR-655 that says (in plain view, in a sensible spot): Click here for Firmware 1.21 WITHOUT SecureSpot 2.0
Well, I highly doubt that most customers know what "SecureSpot" is. So how are they supposed to know to download the non-annoying firmware update? Of course, you may say that this is the customer's problem: they should read up on all the features that are being installed in the firmware update, and be sure that this is really what they want, etc.
And, yes, in principle everyone should read every line of each and every EULA.
The fact is that any reasonable person would expect a firmware update to only fix bugs and security flaws. It would not be normal to expect entirely new features to be installed, and it is certainly abnormal for the new "feature" to actually include nagware that prompts you to pay for some new service.
The point here is that what they are doing is sleazy. The default configuration should have that redirect turned off. The link for a "without SecureSpot" firmware is nice, but the fact is that 99.9% of users will only notice that after they have already installed, and been annoyed by, the default update.
It's an annoying thing to do with a firmware update. And in that sense, it's a reason to not do business with them.
If true, that's the end of D-Link. We would never buy from them again.
Why are marketing people allowed to destroy companies? Then they go to a new company and do it again.
Hell NO. They're absolute garbage! I've seen more fried D-Link routers than every other brand combined. I'd sooner buy any other no-name brand for *more* money. Plus, they've been doing "evil" stuff like that for ages -- not long ago they were hammering a tier-1 NTP server with their firmware (and the poor guy was footing the bill for them on his own). Their garbage is best avoided.
You want a good router? Get a Linksys WRT54GL (that is NOT the G or GS). Then put Tomato on it or DD-WRT (they're Linux distros). Then set up OpenDNS and all that in it too. Best router you can get under $500 perhaps (short of a specialized/fancy Cisco router that runs IOS and is easy to misconfigure, an expensive specialized routerboard, or power-hungry computer with moving parts...)
From the goddamn article:
So, you can turn it off. Not only that, but as of 9/30 there's a separate link at their firmware download page for the DIR-655 that says (in plain view, in a sensible spot): Click here for Firmware 1.21 WITHOUT SecureSpot 2.0
Plus, upgrading your firmware "just because". Why?
Double flame to you buddy.
1) I wouldn't call "WITHOUT SecureSpot 2.0" in plain view. It's not like SecureSpot means anything to me. It has the name Secure so it sounds like something I would want. Now if they named it KickInTheBalls 2.0 or maybe SlapInTheFace 3.2 I would know to avoid it. SecureSpot means nothing to me.
2) Upgrading firmware on a firewall/router why? Are you kidding me? You're going to belittle people who proactively secure their main entry point to the outside world. From now on you should lose your Slashdot posting privs.
If you RTFA, you'll see that you CAN disable it.
What are we becoming? Now every sleazy behaviour is ok as long as you can opt-out? That hasn't worked for spam for the past 20 years, has everyone suddenly got a learning disorder?
The default behaviour of absolutely everything that's not a requested feature has to be opt-in.
Opt-out is not good enough. I thought we'd learnt that by now.
I do not agree with that. DNS hijacking should be considered illegal criminal activity, regardless of what the reason was. We have enough problems with DNS attacks, the last thing we need is for a company like D-Link to try and legitimize it.
If I buy a router, I wanted the router. I would not buy a router if I wanted a security stack; I would buy security software.