Netgear and ZyXEL Confirm NetUSB Flaw, Are Working On Fixes

← Back to Stories (view on slashdot.org)

Netgear and ZyXEL Confirm NetUSB Flaw, Are Working On Fixes

Posted by samzenpus on Thursday May 21, 2015 @12:18PM from the protect-ya-neck dept.

itwbennett writes: In follow-up to a story that appeared on Slashdot yesterday about a critical vulnerability in the NetUSB service, networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected and said they are working on fixes. ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year.

34 comments

Min score:

Reason:

Sort:

Hey! by Ol+Olsoc · 2015-05-21 12:39 · Score: 1

If anytone is going to confirm anything around here, it will be Netcraft!

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
1. Re: Hey! by Anonymous Coward · 2015-05-21 13:35 · Score: 0
  
  At least I can sexually satisfy my wife, cracker.
2. Re: Hey! by Anonymous Coward · 2015-05-21 14:04 · Score: 0
  
  You must have been pretty shocked when "she" turned out to be cross dresser with a sloppy asshole. Easy to understand, though, considering all those years in your parents' basement that you would confuse a small penis for a large clitoris.
  Still, the lube should have tipped you off.
3. Re:Hey! by Ol+Olsoc · 2015-05-21 15:25 · Score: 1
  
  They confirmed you're a cuckolded sissy.
  Only thing worse than being witty is not being witty.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
4. Re: Hey! by Anonymous Coward · 2015-05-21 16:58 · Score: 0
  
  >At least I can sexually satisfy my wife, cracker.
  White men naturally like young girls, not so much old women and big asses of shelf.
  Anglo and then Jewish and Anglo feminism keeps white men from what they want.
  Isn't the west great! (For women and what women want)
British system was designed to target, kill people by Anonymous Coward · 2015-05-21 12:43 · Score: 0

Learn the truth and ignore the propaganda. The system is coming for you, next... Wise up.
https://www.youtube.com/watch?...
Re:Open sores software == shit by Ol+Olsoc · 2015-05-21 12:43 · Score: 1

That's what happens with you trust open sores software. Freetards writing C code is dangerous.
Yeah, we need some of that always safe commercial stuff there Trollerena.
Anyone who gets that reference wins one internet.

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Secrecy in security is not always a good thing. by deviated_prevert · 2015-05-21 13:16 · Score: 4, Insightful

Even if Snowden had never blown the whistle on how the culture of secrecy can run amok and abuse privacy, eventually the NSA would have been caught out because of the Hubris a culture of closed doors creates. This latest revelation about how they tried to do man in the middle attacks on android and IOS devices only goes to prove the fact that the more closed the source is the more vulnerable it is to abuse in the long term. The first post to this thread is woefully wrong and was evidently posted by a zombie in his parents basement trying to score points with his friends.
That being said culturally we are being morally bankrupted more by a culture of fear and secrecy than hackers. Gag orders only work to cause public distrust in the long run and so does a lack of transparency.
The vulnerabilities in these devices will not cause problems long term because their code is transparent the same thing cannot be said about closed source devices. Fortunately Microsoft is transparent and does appreciate users telling them about security flaws otherwise I would never use a Windows device again. Naturally the flaws that exist are harder to fix but at least they do try to make their products and OSes bullet proof from the NSA. Touch wood.

--
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Re:Open sores software == shit by binarylarry · 2015-05-21 13:20 · Score: 1

Dude I loved that album!

--
Mod me down, my New Earth Global Warmingist friends!
Re:Open sores software == shit by msauve · 2015-05-21 13:32 · Score: 1

"open sores software"

There's an anti-virus which can treat that.

--
"National Security is the chief cause of national insecurity." - Celine's First Law
In the meantime, by fustakrakich · 2015-05-21 13:33 · Score: 3, Funny

Turn off the equipment, and take up knitting...

--
“He’s not deformed, he’s just drunk!”
what about their older routers? by Anonymous Coward · 2015-05-21 13:47 · Score: 0

Like, seriously, will they only patch their current routers or all their past ones that are discontinued by now?
1. Re:what about their older routers? by Lunix+Nutcase · 2015-05-21 13:50 · Score: 1
  
  Being rhetorical, right?
2. Re:what about their older routers? by Bing+Tsher+E · 2015-05-21 14:34 · Score: 2
  
  Protection rackets don't work that way.
  Get on board with their new stuff!
zyxel? by satsuke · 2015-05-21 14:12 · Score: 1, Insightful

zyxel is still a thing?
You'd think that brand (name) would have died a decade ago.
1. Re:zyxel? by Anonymous Coward · 2015-05-21 14:21 · Score: 0
  
  Maybe *you'd* think that, but a lot of us actually keep up with technology.
2. Re:zyxel? by TheGratefulNet · 2015-05-21 15:37 · Score: 1
  
  ODDLY enough, I have 2 nas boxes here by zyxel; and the truly odd thing is their model number: nsa-320. I kid you not!
  had them running about 2 years, now, with no problems! not the fastest thing but they are tiny, they do support both nfs and smb (most small nas boxes don't do nfs) and it has not crashed or had o/s issues that I've seen. I dont use usb on it, only ethernet in and 1 or 2 drives internally, but its been pretty good for its size and price!
  
  --
  
  --
  "It is now safe to switch off your computer."
3. Re:zyxel? by Anonymous Coward · 2015-05-22 05:04 · Score: 0
  
  zyxel is still a thing?
  You'd think that brand (name) would have died a decade ago.
  Why would you think that?
Re:Open sores software == shit by Anonymous Coward · 2015-05-21 14:15 · Score: 0

Two words:
goto fail.
Re:Open sores software == shit by Bing+Tsher+E · 2015-05-21 14:25 · Score: 1

You're soaking your fingers in it.
No surprise here by Anonymous Coward · 2015-05-21 14:27 · Score: 0

Frankly, if you're still using NetBEUI in this day and age, you deserve what you get...
NetUSB (USB Over IP) is proprietary software. by techt · 2015-05-21 15:08 · Score: 4, Informative

NetUSB by the company KCodes is proprietary not open source software.
ZyXel in the BBS days by Anonymous Coward · 2015-05-21 15:26 · Score: 1

They made *killer* modems in the last days of the BBS era. They were really the only company that could complete (and dominate) over the USR Courier, which was the gold-standard in its many forms from the late '80's to the late '90's. ZyXel was also making the U1496, etc. in Germany at the time.
Now, they seem more than content to sell Linksys-like shrinkwrapped China-junk @ Frys.
RIP. ZyXel (oh, and USR...)
Re:Open sores software == shit by Ol+Olsoc · 2015-05-21 15:27 · Score: 1

You're soaking your fingers in it.
Something tells me you don't get the reference.

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Critical; thrid quarter? lol by Anonymous Coward · 2015-05-21 16:03 · Score: 5, Insightful

A critical vulnerability will be fixed some many months from now. Gee, thanks!
I'll stick with my open-source solutions, thanks!
Morons, or maybe I should say "assholes".
1. Re:Critical; thrid quarter? lol by Anonymous Coward · 2015-05-21 22:47 · Score: 0
  
  Like OpenSSL amirite?
Re:Open sores software == shit by Anonymous Coward · 2015-05-21 17:36 · Score: 0

doesn't winnuke prove that closed sores software is no better? After all, you shouldn't pick at closed sores.
Oh well by Anonymous Coward · 2015-05-22 00:06 · Score: 0

Its really all about the stupid end user who can't setup a router without all these features. UPnP was the same issue, make it so everything sets up easily but you also end up with a potential point of hacking the router. I also do not see the router makers doing a whole lot to test their firmware. many times its feels like a after thought in terms of security. Its more about function and removing the frustration of setup for the dumb consumer.
Too bad you don't know where FW is downloaded from by NotBorg · 2015-05-22 05:51 · Score: 1

Lets say I want to update my FW because I don't want the NSA to exploit it. How do I know I'm downloading it from Netgear (or any other major home router vendor) rather than a NSA hijacked page? None of them do https.

--
I want this account deleted.