Slashdot Mirror

← Back to Stories (view on slashdot.org)

TP-LINK Loses Control of Two Device Configuration Domains (helpnetsecurity.com)

Posted by msmash on from the security-woes dept.

Reader Orome1 writes: Security researcher Amitay Dan warns that tplinklogin.net, a domain through which TP-LINK router owners can configure their devices, is no longer owned by the company, and that this fact could be misused by malware peddlers. TP-LINK has confirmed that they no longer own the domain in question, and will not be trying to buy it from the unknown seller for now. Instead, they intend to change the domain in the manuals to a newer one that's already in use.ComputerWorld has more details.

9 of 86 comments (clear)

  1. Re:Who gives a shit? by Dunbal · · Score: 5, Informative

    I use TP-LINK network bridges. There are other people in the world besides yourself.

    --
    Seven puppies were harmed during the making of this post.
  2. Summary makes it sound worse than it is by Anonymous Coward · · Score: 5, Informative

    The CW article says the router intercepts that domain name and redirects to an internally hosted web page.

    1. Re:Summary makes it sound worse than it is by wbr1 · · Score: 2
      Yes. May do this, netgear uses routerlogin.net. I am old school and always use the IP.

      But, imagine Joe User. Let us say that there are 150,000,000 Joe user routers out there. Let us say Joe User needs to access his router 1.5 times per year. Let us say that after accounting for everything, .5% of the time Joe user remembers the bad tplink address, but no longer uses a tplink router. That is 750,000 chances to redirect Joe User to a password phishing page, or.. download this critical TP-Link update!

      These numbers are conjecture, but plausible. If you were a black hat, wouldn't you want a shot at even half those numbers?

      --
      Silence is a state of mime.
  3. Re:Who gives a shit? by __aaclcg7560 · · Score: 4, Funny

    There are other people in the world besides yourself.

    You mean out in the big blue room with the bright light? This is Slashdot. We don't mention those people.

    .

  4. Re:Who gives a shit? by mysidia · · Score: 3, Insightful

    That was what you did PRE-CLOUD. Now all the vendors want you to go through their website.

    That way, later, when they discontinue the product --- they can require you purchase an upgrade, next time you want to make changes.... Or even better, they can bill you a monthly fee, and turn your network off if you forget to renew the license; e.g. Meraki.

  5. Re:Who gives a shit? by jittles · · Score: 2

    I use TP-LINK network bridges. There are other people in the world besides yourself.

    Well maybe you should reconsider since, apparently, the company must not be solvent enough to afford a $10 per year domain registration.

  6. Re:Who gives a shit? by neilo_1701D · · Score: 2

    I use TP-LINK network bridges. There are other people in the world besides yourself.

    Well maybe you should reconsider since, apparently, the company must not be solvent enough to afford a $10 per year domain registration.

    Much like Google couldn't afford $12 last year...

  7. Re:Who gives a shit? by bws111 · · Score: 4, Insightful

    The router resolves that domain to the 192.168 address of the router. It has nothing to do with 'the evilz CLOUD'. Only on /. does idiocy like this get modded 'insightful'.

  8. OpenWRT on DIR-645 by xarragon · · Score: 2

    I couldn't agree more. Just replaced my old WRT54GL router with a dirt-cheap D-Link DIR-645 that was on clearance sale. Just checked that it could run OpenWRT before I bought it. Works like a dream with my USB 3G dongle, have had it for 3 months now. The original firmware would not even support modems, forcing you up to more expensive models despite the hardware being more than capable.
    You can easily flash back the original firmware if you need to return it for warranty purposes. Most routers run U-Boot these days, it has never been easier to get a top-notch router for pennies. This is why we need the freedom to tinker!