Slashdot Mirror
FTC Takes D-Link To Court Citing Lax Product Security, Privacy Perils (networkworld.com)
Reader coondoggie writes: The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and Internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." According to the FTC's complaint, D-Link promoted the security of its routers on the company's website, which included materials headlined "Easy to secure" and "Advance network security." But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws such as "hard-coded" login credentials integrated into D-Link camera software -- such as the username âoeguestâ and the password âoeguestâ -- that could allow unauthorized access to the cameras' live feed, etc.
I mean, next thing you'll tell me is that 1234 is a bad combination for my luggage.
Check out my sci-fi/humor trilogy at PatriotsBooks.
They have a history of sluggish or non-existent responses to vulnerabilities going back for many years. About 10 years ago they also had that high profile incident where they were randomly abusing NTP servers belonging to other organizations and they shrugged it off for a long time until there was a big public stink. I don't know why anyone buys that crap or trusts them with any of their data.
but they didn't say HOW they were aware of it, maybe from d-link cameras in the ftc
Why haven't they charged Microsoft with the same? Or, for privacy violations due to "telemetry?" Trump's FTC isn't attacking US companies like this.
See subject: ...100's of 'em https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/ & FAR from a "complete list" too!
* Should you require MORE? Ask & "ye shall receive" (by the 100's).
APK
P.S.=> I avoid a LOT of inefficiency, security bugs galore (remote DNS, antivirus, addons sold out to NOT work, & yes router issues etc,) doing MORE for FAR LESS more efficiently vs. their issues via NEW version APK Hosts File Engine 9.0++ SR-5 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk
Purchased a TP-Link router that turned out to have a backdoor.
https://tech.slashdot.org/stor...
Asking support about it I got the answer back that "We will not fix it. Just make sure nobody get access to your local network".
Both TP-Link and Lenovo are on my do-not-buy list.
Require them to support OpenWRT or open up source code to permit development of third party firmware would be nice.
Maybe they should move to using an open source community firmware but just add their logos on top.
Not sure if it would hold off the FTC, but the EULA of these products likely give D-Link full immunity from civil lawsuits like most consumer level software or equipment.
Cisco (branded Netgear) sold tens of millions of units with trivial CGI exploits on the WAN side - and no fix for years!
With all the security issues that Netgear lets through, will they be next on the list?
So D-Link has buggy insecure code. Can't the marketplace correct for this? Do I care if someone gets the live feed of my camera watching my front door? No. When will the FTC go after Comcast and AT&T for abusing their monopoly status? Or how about Microsoft for spying on me without disclosing what they're doing and upgrading and rebooting my PC without my consent? Why do those companies get a free pass?
Somebody’s gonna get a slap on their wrist. And these things are everywhere and from every maker.
Good luck, and thanks for the fish!
I have nothing but D-Link IP cameras, and a router/AP, and me and all my new Russian friends - who, without D-Link, I'd not have - think its security is tops!
I don't see what the issue is. If people want to buy an insecure device that will compromise their well-being, then they should be allowed to. I thought the whole point of capitalism was, "Do whatever it takes to make money", and regulation gets in the way of that!
Thankfully Trump will put an end to this "You need to put out a product that isn't shit" nonsense.
> If people want to buy an insecure device that will compromise their well-being, then they should be allowed to.
Actually that's the FTC's position. The company fraudulently advertised the product as having "advanced security" and "easy to secure." That's the law suit - "if people want to buy insecure/secure, then they should be allowed to", companies may not lie and deliver the opposite of what they sold the customer. The result of the law suit will probably be that the company will stop advertising security.
See subject: You prove it as you stalk/troll/harass me by unidentifiable anonymous posts proving you have NO BALLS, whimp.
APK
P.S.=> You're pitiful - what I call a "not man"... apk
I can say that one of the people funding free software projects. LibreCMC is slightly better than some embedded firmwares in that certain functionality has been disabled thats particularly vulnerable. However it takes more than one developer forking OpenWRT and removing non-free bits to properly correct the security nightmare that is embedded firmware.
What if it IS "Advanced Security", but just not advanced enough? I mean, compared to what we had in the 90s, it most certainly is advanced. :)
See subject. Sea subject. C Subject. Si Subject.
Your router phobia is weird.
What's your router-less set-up, APK? Modem to Windows box? I assume you only have one internet enabled device - very 90s, which is where you seem to be trapped. Some of us can handle the risk of having multiple devices connected to the internet. I know it's scary and that you need to have some ideas about security as a process, rather than just refusing to use anything that can't be replaced by a host file (DNS, router ...)
These lists that you fetishistically accumulate are rubbish. There's no analysis. No evaluation. It's a dump of everything that you can find that you think supports your position that routers are bad and which you use to try and bury people with crap. It's an argument ad nauseum (a logical fallacy where you think large lists of low quality 'facts' have some weight). It's also transparently hypocritical given the even longer list of vulnerabilities that Windows has. But that's different, isn't it?
What's bad is consumer grade, closed-source firmware on anything network connected. Routers or PCs
What about all of those who 'roll their own'? I used to use old PCs with a second NIC to make my own BSD based router/firewall, years ago, but these days just use something that supports DD-WRT/openWRT. That doesn't make it secure. It's another network connected device with it's own OS and needs a security process that includes (but isn't limited to) access restriction and monitoring/auditing; accounts and rights with suitable authentication; regular patching and maintenance (which is much less likely on consumer gear that's likely to be forgotten when a new model is brought out), etc.
This is true of anything, 'though.
You use the word 'efficiency' to describe not using services and functions. That's great. That's your use case. It's like someone claiming that they can get 12 hours of use out of their laptop - because they have the screen turned off and the CPU is in low-power mode because it's doing barely anything. For someone else, who values being able to get some work done, that's not being 'efficient'.
Resources are spent to achieve results. Reducing the resources spent to achieve the same results is increasing efficiency, but not using DNS and not using routing is not the same result so any resource reduction says nothing about efficiency.
Your criticism of routers is like your insistence that a host file is a solution to security. It may be for you - someone who doesn't browse much and who has one device connected at a time. But the world has changed in the last 15 years, even if you haven't.
Grow up. Seriously. This is laughable.
YT
See subject: It's impolite to talk w/ your mouth full as you EAT YOUR WORDS https://slashdot.org/comments.pl?sid=9986237&cid=53480147/ chump.
APK
P.S.=> Doing things more efficiently is sensible - wasting resources to do so is not... apk
"a host file is a solution to security" - by "YeTi" the NO BALLS unidentifiable Anonymous Coward
http://www.securityfocus.com/columnists/491 (SYMANTEC Oliver Day)
"The host file accessing the Internet particularly browsing the Web is actually faster now... as a means to block advertising and as a way to avoid being tracked by sites that use cookies"
OReilly: For security -> http://oreilly.com/pub/a/windows/2004/03/30/hosts.html/ & For speed -> http://www.oreillynet.com/pub/a/network/excerpt/winxphacks_chap1/index1.html?page=3/
Steve Gibson endorses hosts https://www.grc.com/sn/sn-045.htm/
Aryeh Goretsky NOD32/ESET endorses hosts http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
Brocke Wilders SECURITY http://www.wilderssecurity.com/threads/hosts-block.378901/
MalwareBytes' hpHosts' hosts + RECOMMENDS my program!
APK
P.S.=> Dozens of /.'ers like & use my program - You're outnumbered by FAR... apk
EAT YOUR WORDS
Oh, APK, you poor thing. I was wrong, once, and you cling to it like you cling to the award you got from a magazine in 1999. You're so proud. Your life must truly be an empty and pathetic shell that you've learned to hold so hard to such small victories. I'm sorry for you.
Doing things more efficiently is sensible - wasting resources to do so is not.
Well, you sure didn't read or understand what I wrote and have chosen your usual 'restate your position like it's a rebuttal'.
I'll try again;
Doing 'things' more efficiently means using less resources for the same outcome.
I could turn my PC off and it would be using less resources than even the 6MB you claim for your host file usage.
Fact - an off PC uses less resources than a PC that is on
But it's not more efficient because it can't do the same things that a PC that is on can do.
Are you with me so far?
So, using a host file only (with occasional less-than-5% DNS use) may work for you and your bizarre browsing habits, but for most people, if they did that then it would be like turning their PC off.
Fact - Not using DNS uses less resources than using DNS
It also means significantly less functionality for everyone except people like you.
Still with me?
Same with using a router. You're a lonely and strange man who only has one device connected to the internet, however many people have multiple devices that connect to the internet - whether that's because they live with other people (you know, like family, friends, partners ...) who have internet connected devices, or - and I know for someone still trapped in the 90s that this may come as a surprise - sometimes the same person has more than one device that connects to the internet. Crazy, right?!
Fact - not using a router uses less resources than using a router
However, that would mean that for many people, their internet usage would be very, very different.
Conclusion - when "Doing things" is not the same, whether one 'thing' uses less resources than another cannot be considered an increase in efficiency.
Too hard for you? I know you won't reply to actually address or answer any of these because, well, I initially assumed you had a reading or learning disability. Dyslexia or something similar but you're just incapable of admitting when you're wrong. You just double down, repeat yourself or attack the person and ignore the points.
Well, never mind. How about you make some comment about how I'm anonymous; you're being stalked; I'm using 'illogic logic' (always a favourite when you get cornered and you have to say something but can't think of anything to say). Or better yet, just ignore the whole messy 'being wrong' and declare victory anyway.
Here, I'll help;
You win! Good boy! Well done! You're a winner! Go get 'em, champ! That's showing them! You're validly and technically correct! You know important people and they say nice things about you! You have awards! You got paid, once, for an article you wrote!
YT
FTC needs to talk to NHTSA about their aggressive vehicle-to-vehicle communication plan. Their current schedule of standards allows no room for security to be designed into the system.
Security needs to be designed into a system from the start, not "bolted on" afterward.
See https://www.nhtsa.gov/press-releases/us-dot-advances-deployment-connected-vehicle-technology-prevent-hundreds-thousands
They also agree w/ me hosts = valuable security & speed! Who are you to say otherwise? 100's here use hosts & many of that number like + use my work.
* My 'detractors' on hosts are 1 of 4 people (& it doesn't take a brain to figure it out):
1.) Advertisers or their minions
2.) Webmasters losing ad views
3.) Inferior inefficient "so-called 'competitors'"
4.) Malware makers/botnet herders etc.
APK
P.S.=> Have YOU done more, better & earlier in computing than I have? No, & if you give me crap on that we can compare notes I can backup w/ facts regarding myself easily (you can't & I know it)... apk
most consumers DON'T CARE about (much less ever THINK about) security.
No, most consumers don't think about IMPLEMENTING security. That's because they trust that the makers of their devices are smarter than them, and wouldn't make deliberate decisions that hurt security (like hardcoded admin logins). This is after people like me hammered in the idea that to be (more) secure on the internet, you need to use a router and not plug in directly.
It's in the same vein as trusting the person who makes your car that it won't cheat on emissions, accelerate without the pedal being pressed, etc etc.
In other words, a case of misplaced trust - or a vendor who violates said trust - not lack of caring...