Slashdot Mirror


D-Link Warns of Vulnerable Routers

wiedzmin sends in news of a vulnerability in some D-Link home routers. The company has made new firmware available for download. "D-Link announced today that the problem, discovered by security researchers SourceSec, affects three of its wireless routers: DIR-855 (hardware version A2), DIR-655 (versions A1 to A4), and DIR-635 (version B). The problem lies in D-Link's implementation of Cisco's Home Network Administration Protocol, which allows remote router configuration. The scope of the vulnerability is greatly reduced by the fact that these router models were not shipped with the affected firmware by default, so only customers who updated their firmware are potentially affected. Or at least this was indicated in the company's response to the SourceSec claim that all D-Link routers sold since 2006 were affected." SourceSec apparently made their research available, including an exploitation tool, without ever contacting D-Link.

2 of 133 comments

  1. Re:Wouldn't the responsible thing be... by digitalunity · Score: 4, Interesting

    Indeed, this is becoming the reality. Software and hardware vendors have become complacent with the fact that researchers will give them ample time to ignore a problem.

    The only reasonable solution to reduce vulnerability in the wild is to publicly expose the issues to force vendor resolution more quickly. Seems counterintuitive, but it does work.

    --
    You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
  2. Re:Wouldn't the responsible thing be... by davester666 · Score: 4, Interesting

    TFA mentions that D-Link has published new firmware for the routers already. But I've got a DIR-655/A4, and their support site still only lists firmware from last September (v1.32NA) and the firmware check in the router says it's the latest. Where are these updated firmwares available?

    --
    Sleep your way to a whiter smile...date a dentist!