Dear Asus Router User: All Your Cloud Are Belong To Us
New submitter Trax3001BBS writes "Ars is running an article about a vulnerability of Asus routers that are becoming very popular at the moment for connecting USB devices to the Internet. From the article: 'An Ars reader by the name of Jerry got a nasty surprise as he was browsing the contents of his external hard drive over the weekend — a mysterious text file warning him that he had been hacked thanks to a critical vulnerability in the Asus router he used ... The guerilla-style hacking disclosure comes eight months after a security researcher publicly disclosed the underlying vulnerability that exposed the hard drives of ... Asus router users. ... According to Lovett, the weakness affects a variety of Asus router models, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Asus reportedly patched the vulnerabilities late last week...' And this old news, come new again: The Asuswrt Merlin ROM took care of this vulnerability months ago (defect #17)."
Just install DD-WRT and have done with it.
Which works until you use this method to "advise" the wrong person, who contacts the cops and you end up arrested for computer trespassing. Too often we hear stories about people intending to do good who are blamed for the message they bring.
Unfortunately, there doesn't seem to be any "right" way to bring these problems to the attention of the user or the developer since the laws all seem to be unfairly balanced against the whistleblower. There is an automatic assumption that anyone providing the information could only have come upon the data because they were intending to do something malicious.
Having said that, there are many times I've been tempted to rename the SSIDs of wireless networks that still use WEP in some vain attempt to knock some sense into the user's head. Never gave in to that impulse, but boy, sometimes it was quite a struggle.
You realize that open FTP servers used to be the norm? You realize that the RFC itself requires PORT to be open so that you can do a bounce attack?
Please don't be an idiot. This stupidity has nothing to do with Windows, and is clearly the fault of Asus and not anything OS related.