The advantage of a simple SoC system with soldered in components is that it’s less likely to break.
Sure, that makes sense in theory, but.. Show of hands here: How many people have buried more than five "simple SoC" routers in the past five years? I’m counting parents & friends that I support in that number, admittedly, but there’s nothing the least bit difficult about making SoC simplicity with crap quality standards that lead to crazy-high failure rates.
OK. Hands down. Now how many have buried more than one “old PC” based router in the last five years?
It's been quite a while since I've used a PC based router, but I finally had to retire my last one because it kept locking up for no good reason. I was going to replace it with an old laptop that had been sitting unused in a desk drawer for 2 years, but then I found that every time I moved the laptop, it would reboot, if I lifted up the front and dropped it one inch, it would reboot every time. I tried reseating the RAM and/or CPU in both cases with no change.
Years ago, I gave my old WRT54G to my parents and they are still using it, it's about 8 years old now.
It would cost a lot more than the Apollo project to get a permanent self-sufficient base on the moon or mars, probably hundreds of times more, maybe thousands, especially is it has to be truly self-sufficient (no external supplies ever, no margin for error).
And a super-volcano is not going to wipe out the human race. Maybe 99% (mostly via starvation) but that still leaves millions. Same for a comet/asteroid strike, nuclear war, etc. (a super-virus might do it). As far as knowledge preservation, a lot could be done regarding that on Earth.
Have any sources for your estimate? Note that I already proposed spending 50 times the Apollo costs to set up a permanent self-sufficient Lunar base, while others have pegged the cost of a manned (though not self-sufficient) Lunar base at $35B (or 1/4 the cost of Apollo). I'm curious how you arrived at a figure that's 200 - 2000 times higher. The Mars costs are more nebulous since if we did build a lunar base and can find sufficient natural resources there or via asteroid mining, that would drop the cost of a Mars base dramatically so it's not out of line to expect that setting up the base on Mars is not dramatically more than the cost of setting up the Lunar base.
Perhaps 4 - 6 decades to get to the Moon and Mars is too optimistic without a clear and present threat to drive the project faster, but I don't think the cost estimates are out of line.
Y'all can keep rationalizing, but the fact remains that the WRT54g was interesting at $120 ten years ago, and fun at $60. There is NO WAY that this is going to see similar market penetration at $300.
I think that's a given -- even if it were released at $100 it wouldn't see similar market penetration because the market is much more saturated now.
Besides, high profile item prices seldom go downward between the vaporware stage and release, but they've been known to go upwards: what if it gets released at $450?!
And what if it gets released at $10,000!?
A decade later, under $200 is only slightly interesting, and $100 makes me smile. 300 just annoys the fuck out of me: I won't spend 300 when the special features it has beyond the 54g are diminished by most of USA's shitty residential broadband rate limitations.
Well yeah, if you don't need the power that this router offers, you're not going to buy it at any price, but I thought that went without saying.
Why would you spend even $100 for it if you're not going to take advantage of whatever special features it offers?
Normal use is around 35 watts (as measured by a Kill-A-Watt), although it will spike as high as 50 when powering up. It's not as competitive on that front, but it makes up for it in expandability. You can easily slap a couple of HDDs into it and have it fill NAS duties without the cost of a separate NAS. Full blown OSes usually give more options for power management as well, so I could set it up to go to sleep during the night or while I'm at work if I wanted to.
Who would want to use their border router as a NAS? In any case, the eSATA and USB 3.0 ports on the Linksys router mean you could do the same thing with it. Dual and quad USB3.0 enclosures are readily available.
Not everyone lives where power is so cheap that they don't need to look at power costs. My power costs around 15 cents/KWh and if I used more power and ended up in a higher rate tier, I could be paying over 30 cents/KWh for it (or $50/year for 20W), so the cost of power is no small consideration. (but even at my power cost, I wouldn't run an internal NAS on the same hardware as my firewall).
For me, the deficiencies in power are well worth what it makes up for in expansion/upgrading/ease of fixing if it breaks.
The advantage of a simple SoC system with soldered in components is that it's less likely to break.
I could have probably shaved off another 10 or 15 watts if I used something like an Atom without driving the price up too much.
But your price is already at $200 not including the 802.11ac card and antennas, so if you drive it up any more, you'll be beyond the street price of this router.
It's all a matter of what you want to do with your device; I have a full server rack in the basement and electricity is pretty cheap where I live, so it makes sense for me but I'll be the first to admit it's not for everybody.
For anyone interested, I originally had ClearOS on it and later switched to Sophos. Both are about as user-friendly as something like this gets for installation, maintenance and flexibility to easily add more roles to the device.
Yes, if you need a more power than this device offers, you're not going to find it useful. But if it costs you nearly as much to put together your own device (that uses more power and may cost more in the long run), then there's little advantage to build it yourself.
If we know where the magma chamber is, why can't we tap the chamber to create pressure relief wells, allowing the pressure and magma to drain an semi controlled fashion?
Sure, drill into it and slowly drain the pressure, or accidentally trigger an eruption through a previously unknown mechanism. (like maybe the well relieves pressure on one side, leading to instability on the other side and an eruption.)
It's still only happening about every 100,000 years. Will it eventually happen? Yes. Can we do anything about it? Nope. This planet is still the dog and we are still the fleas.
Depends what you mean by "do anything about it" - if by "do anything" you mean "preserve the human race", then we could easily have a permanent and self-sufficient base on the moon within a few decades if we dedicated half of our military budget to it, and a base on Mars a few decades beyond that. The entire Apollo project "only" cost around $170 billion in 2005 dollars -- the USA Military Budget is around $700B annually.
No need to panic, you may return to your basements.
Dr Perrillat said there are no known supervolcanoes that are in danger of erupting in the foreseeable future, and it would take at least a decade or so for the magma pressure within a caldera to build up to a point where an eruption is likely.
Unless, of course, our understanding of these volcanoes is still incomplete and it's really triggered by a high pressure magma surge from further below the surface where we have even less understanding of what's going on.
You really only need 2 ports for a basic router. If you need more, you can use tagged VLAN's.
In that case you could do with just one port on the router.
I don't trust tagged VLAN's enough to leave the tagged port open to the world, so I always keep the unsanitized public internet traffic on a separate port.
Even if you bought the Beagle Bone Black ($50), SD card ($15) and 5 port netgear gig-e switch ($35) that's only $100 worth of hardware leaving you $200 (retail) to buy a special chip and antennas.
But then you'd be left with a single core 1 Ghz ARM CPU with 512MB of RAM rather than a dual-core 1.2GHz ARM with 256MB of RAM (plus USB3.0 and eSATA).
Whether it's better depends on which you need more - CPU or RAM.
Considering I built my current router is a low-power dual core 2.0GHz x64 CPU with 4GB DDR3 RAM, 16GB SATA-III SSD and 5 gigabit Ethernet ports for ~$200, it shouldn't be too hard to add a wireless card for around $100 and call it a day.
How much power does it use? Power consumption is an important factor in a device that's going to be running 24x7. 20 watts of difference in power consumption could be costing you $20/year or more depending on how much your power costs.
But you can buy better hardware that is more open right now for less money. There are lots of options for a DIY router, boards that even have card slots so you can put on your own wireless card, etc..
Alix boards, and lots of others out there both ARM and even X86 based. Plus those boards you can run a real router like pfSense or IPCop on them instead.
I'm waiting for the new Alix APU board to be available for my next firewall. I've been using an alix2d13 Alix board with pfSense and have been very happy for it. My current firewall has enough CPU power to route my full 50 mbit comcast connection, but I'd really like more RAM so I can load the pfBlocker list.
Yes if you find the right MiniITX board with a soldered on processor. but nothing that will have 4 or more ethernet ports. honestly you need 3 network interfaces just for a basic router.
You really only need 2 ports for a basic router. If you need more, you can use tagged VLAN's.
I thought the US had the worst medical system in the world. Whats this? A Socialist country (actually half of the politicians in Ecuador are communists) has worse medical treatment? That just doesn't seem right. State run medical facilities are ALWAYS better, or so I was told by the NYT.
LOL. I love these stories where reality just smacks the left in the face.
Right, you'd think that an island chain with an immense population of 25,000 people would have top-rate medical care, it must be the politics that's getting in the way.
Given that the Chinese icebreaker got stuck as a direct result of attempting to rescue (successfully in conjunction with an Australian icebreaker) the passengers off the Russian icebreaker, who pays the US icebreaker for the rescue of the Chinese icebreaker?
RTFS
Under international conventions observed by most countries, ships' crews are obliged to take part in such rescues and the owners carry the costs.
In this case, it's just a matter of making a phone call. As in "Hello, Alaskan Way Viaduct project officials? This is STP. The DOT says you bore a hole in the ground in 2002. We're just calling to make sure you guys removed the pipe."
One quick phone call. Just like that...
I'm not saying each and every danger can be predicted in a project like that, but in this case, the hazard was known and could have been fully assessed.
Also, while all potential problems can't be avoided, at $1.44Bn, they should at least try their best to minimize them.
You're assuming that they have the 10 year old documentation and that it's accurate.
I don't know about underground hazard documentation, but anyone that's every looked at as-builts for any sizeable building can tell you that the as-builts have only a loose connection to reality. The contract may have said that they pulled the casing out of the ground, but maybe it broke off 20 feet below the surface and they said "Good enough!" and just left the rest there.
Chris Dixon, project director for contractor group Seattle Tunnel Partners, said the builders presumed there would be no pipe in the way, because casings are customarily removed after use.
When I dig in hole in my backyard, I may presume there's nothing in the ground. That's because if I hit a snag, my cost will be the price of the shovel.
But for a $1.44B hole in the ground, I'd want to make damn sure every inch I dig through presents abolutely no risk whatsoever. And since that's taxpayer's money, if I was Seattle resident, I'd sure as hell want to know who the fuck "presumed" stuff on my money...
Actually, if you're digging in your back yard with any sort of power tools, you should still call your local utility locating service first to make sure there are no gas lines or other infrastructure buried in your back yard.
You're probably safe digging with hand tools (there's usually a marker tape or cable above more recent pipes), but if you're using something like a pickaxe or hammering a rod into the ground, you really ought to check first or you may find yourself on the hook for expensive utility repairs if you don't end up blowing up you and your house first.
Depends on the card issuer. Our credit union (Grow Financial, Tampa FL) issues Visa debit cards under the "Visa Zero Liability" policy, so we are not liable for any theft- or fraud-based charges. They just reiterated this policy in a letter we got today telling us they're replacing my wife's card due to Target charges on it "just in case." My card? I haven't charged anything at Target in many months, so no prob - and my card expires and is due for replacement next month, anyway.
Make sure you read the fine print. Visa's policy (though your issuer's may) doesn't apply to PIN transactions so if a skimmer captures your card number and PIN, you may find that you're not covered. Also the policy allows up to 5 days to credit the funds to your account, which could be a long time to wait if your checking account was drained and you have bills to pay. And, I couldn't find anything in the policy that says they will cover secondary charges like bounced check fees, etc.
So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly dont think it is unintended, a mistake, or an error. That means it does not fit your definition.
Note: Bold was added by me, and I did search other online dictionaries, most did not have definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Miriam-Websters, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.
You don't understand, I'm not saying that it's not a back door, nor that it's not a big glaring security whole, I'd even agree with someone that said it's irresponsible.
But there's no reason why it can't be all of those things *and* still be called a bug -- they are not mutually exclusive.
It could have even been coded that way intentionally to integrate with other software or for diagnostics or whatever and it would *still* be a bug if the functionality can be exploited for other means.
This method is for helping non techies. Tell non techie: following this 4 steps to fix your router: telnet , name, password etc etc. It is always the same to make tech support easier.
I understand why having no password or the same password for everyone is easier for tech support - this is the same reasoning that led Wifi router manufacturers to have the routerr default to an open network with no encryption -- much fewer support calls from people that don't know their WEP or WPA key.
But that doesn't mean that it's not a security vulnerability.
Enough with the sophistry. A backdoor is not a bug. It is intentional, not accidental. If you have to call it by a computerish name, call it malware. It does after all cause unwanted and malicious behavior. A device with a backdoor is defective by design and abuses the customer's trust in a way that can not be remedied by a patch.
You can call it anything you like, but if you expect to return it and get a refund, you're going to have to come up with a better reason than "The software does something it's not supposed to, I want a refund". As long as the software/hardware does reasonably what it's supposed to, the manufacturer is unlikely to grant a refund, especially a year or more after purchase. If a security vulnerability (even a big gaping one) was sufficient to get a refund, no one would pay for any software, they'd just use it for a year or two, find a security vulnerability, then return it for a refund then buy the next version, and repeat.
I agree, it's a backdoor, but I disagree that there is any reasonable hope that the manufacturer will refund your money because there's a vulnerability in their code.
There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, it's MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.
It seems like this guy stumbled upon a similar feature.
Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.
Why is a method to log into the router without any password not classified as a "vulnerability"? If I let my roommate's sketchy friend plug his laptop into the ethernet network because I don't trust him with the Wifi password, I wouldn't expect him to be able to telnet into to my wifi router without a password.
On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?
Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentional. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).
You're excused.
Unless it's a published interface that they meant to be exploited that way, it can still be classified as a bug.
A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, or in frameworks and operating systems used by such programs
Slashdot Mirror
Sure, that makes sense in theory, but.. Show of hands here: How many people have buried more than five "simple SoC" routers in the past five years? I’m counting parents & friends that I support in that number, admittedly, but there’s nothing the least bit difficult about making SoC simplicity with crap quality standards that lead to crazy-high failure rates.
OK. Hands down. Now how many have buried more than one “old PC” based router in the last five years?
It's been quite a while since I've used a PC based router, but I finally had to retire my last one because it kept locking up for no good reason. I was going to replace it with an old laptop that had been sitting unused in a desk drawer for 2 years, but then I found that every time I moved the laptop, it would reboot, if I lifted up the front and dropped it one inch, it would reboot every time. I tried reseating the RAM and/or CPU in both cases with no change.
Years ago, I gave my old WRT54G to my parents and they are still using it, it's about 8 years old now.
It would cost a lot more than the Apollo project to get a permanent self-sufficient base on the moon or mars, probably hundreds of times more, maybe thousands, especially is it has to be truly self-sufficient (no external supplies ever, no margin for error).
And a super-volcano is not going to wipe out the human race. Maybe 99% (mostly via starvation) but that still leaves millions. Same for a comet/asteroid strike, nuclear war, etc. (a super-virus might do it). As far as knowledge preservation, a lot could be done regarding that on Earth.
Have any sources for your estimate? Note that I already proposed spending 50 times the Apollo costs to set up a permanent self-sufficient Lunar base, while others have pegged the cost of a manned (though not self-sufficient) Lunar base at $35B (or 1/4 the cost of Apollo). I'm curious how you arrived at a figure that's 200 - 2000 times higher. The Mars costs are more nebulous since if we did build a lunar base and can find sufficient natural resources there or via asteroid mining, that would drop the cost of a Mars base dramatically so it's not out of line to expect that setting up the base on Mars is not dramatically more than the cost of setting up the Lunar base.
Perhaps 4 - 6 decades to get to the Moon and Mars is too optimistic without a clear and present threat to drive the project faster, but I don't think the cost estimates are out of line.
How exactly does panicking help?
Just relax and enjoy life, there's not much you can do about Yellowstone anyway.
It gives me something to look forward to every day as I cautiously leave the bomb shelter to see if the earth has been destroyed over night.
Y'all can keep rationalizing, but the fact remains that the WRT54g was interesting at $120 ten years ago, and fun at $60. There is NO WAY that this is going to see similar market penetration at $300.
I think that's a given -- even if it were released at $100 it wouldn't see similar market penetration because the market is much more saturated now.
Besides, high profile item prices seldom go downward between the vaporware stage and release, but they've been known to go upwards: what if it gets released at $450?!
And what if it gets released at $10,000!?
A decade later, under $200 is only slightly interesting, and $100 makes me smile. 300 just annoys the fuck out of me: I won't spend 300 when the special features it has beyond the 54g are diminished by most of USA's shitty residential broadband rate limitations.
Well yeah, if you don't need the power that this router offers, you're not going to buy it at any price, but I thought that went without saying.
Why would you spend even $100 for it if you're not going to take advantage of whatever special features it offers?
Normal use is around 35 watts (as measured by a Kill-A-Watt), although it will spike as high as 50 when powering up. It's not as competitive on that front, but it makes up for it in expandability. You can easily slap a couple of HDDs into it and have it fill NAS duties without the cost of a separate NAS. Full blown OSes usually give more options for power management as well, so I could set it up to go to sleep during the night or while I'm at work if I wanted to.
Who would want to use their border router as a NAS? In any case, the eSATA and USB 3.0 ports on the Linksys router mean you could do the same thing with it. Dual and quad USB3.0 enclosures are readily available.
Not everyone lives where power is so cheap that they don't need to look at power costs. My power costs around 15 cents/KWh and if I used more power and ended up in a higher rate tier, I could be paying over 30 cents/KWh for it (or $50/year for 20W), so the cost of power is no small consideration. (but even at my power cost, I wouldn't run an internal NAS on the same hardware as my firewall).
For me, the deficiencies in power are well worth what it makes up for in expansion/upgrading/ease of fixing if it breaks.
The advantage of a simple SoC system with soldered in components is that it's less likely to break.
I could have probably shaved off another 10 or 15 watts if I used something like an Atom without driving the price up too much.
But your price is already at $200 not including the 802.11ac card and antennas, so if you drive it up any more, you'll be beyond the street price of this router.
It's all a matter of what you want to do with your device; I have a full server rack in the basement and electricity is pretty cheap where I live, so it makes sense for me but I'll be the first to admit it's not for everybody.
For anyone interested, I originally had ClearOS on it and later switched to Sophos. Both are about as user-friendly as something like this gets for installation, maintenance and flexibility to easily add more roles to the device.
Yes, if you need a more power than this device offers, you're not going to find it useful. But if it costs you nearly as much to put together your own device (that uses more power and may cost more in the long run), then there's little advantage to build it yourself.
If we know where the magma chamber is, why can't we tap the chamber to create pressure relief wells, allowing the pressure and magma to drain an semi controlled fashion?
Sure, drill into it and slowly drain the pressure, or accidentally trigger an eruption through a previously unknown mechanism. (like maybe the well relieves pressure on one side, leading to instability on the other side and an eruption.)
Willing to take that gamble?
It's still only happening about every 100,000 years. Will it eventually happen? Yes. Can we do anything about it? Nope. This planet is still the dog and we are still the fleas.
Depends what you mean by "do anything about it" - if by "do anything" you mean "preserve the human race", then we could easily have a permanent and self-sufficient base on the moon within a few decades if we dedicated half of our military budget to it, and a base on Mars a few decades beyond that. The entire Apollo project "only" cost around $170 billion in 2005 dollars -- the USA Military Budget is around $700B annually.
No need to panic, you may return to your basements.
Dr Perrillat said there are no known supervolcanoes that are in danger of erupting in the foreseeable future, and it would take at least a decade or so for the magma pressure within a caldera to build up to a point where an eruption is likely.
Unless, of course, our understanding of these volcanoes is still incomplete and it's really triggered by a high pressure magma surge from further below the surface where we have even less understanding of what's going on.
So I don't think it's ok to stop panicing yet.
In that case you could do with just one port on the router.
I don't trust tagged VLAN's enough to leave the tagged port open to the world, so I always keep the unsanitized public internet traffic on a separate port.
Even if you bought the Beagle Bone Black ($50), SD card ($15) and 5 port netgear gig-e switch ($35) that's only $100 worth of hardware leaving you $200 (retail) to buy a special chip and antennas.
But then you'd be left with a single core 1 Ghz ARM CPU with 512MB of RAM rather than a dual-core 1.2GHz ARM with 256MB of RAM (plus USB3.0 and eSATA).
Whether it's better depends on which you need more - CPU or RAM.
Considering I built my current router is a low-power dual core 2.0GHz x64 CPU with 4GB DDR3 RAM, 16GB SATA-III SSD and 5 gigabit Ethernet ports for ~$200, it shouldn't be too hard to add a wireless card for around $100 and call it a day.
How much power does it use? Power consumption is an important factor in a device that's going to be running 24x7. 20 watts of difference in power consumption could be costing you $20/year or more depending on how much your power costs.
But you can buy better hardware that is more open right now for less money. There are lots of options for a DIY router, boards that even have card slots so you can put on your own wireless card, etc..
Alix boards, and lots of others out there both ARM and even X86 based. Plus those boards you can run a real router like pfSense or IPCop on them instead.
I'm waiting for the new Alix APU board to be available for my next firewall. I've been using an alix2d13 Alix board with pfSense and have been very happy for it. My current firewall has enough CPU power to route my full 50 mbit comcast connection, but I'd really like more RAM so I can load the pfBlocker list.
Yes if you find the right MiniITX board with a soldered on processor. but nothing that will have 4 or more ethernet ports. honestly you need 3 network interfaces just for a basic router.
You really only need 2 ports for a basic router. If you need more, you can use tagged VLAN's.
I thought the US had the worst medical system in the world. Whats this? A Socialist country (actually half of the politicians in Ecuador are communists) has worse medical treatment? That just doesn't seem right. State run medical facilities are ALWAYS better, or so I was told by the NYT.
LOL. I love these stories where reality just smacks the left in the face.
Right, you'd think that an island chain with an immense population of 25,000 people would have top-rate medical care, it must be the politics that's getting in the way.
Source unknown? Bullshit! Yahoo didn't run the ads without payment. Payment == traceable. Or is Yahoo accepting Bitcoins now?
Unless, of course, payment==stolen credit card number.
Given that the Chinese icebreaker got stuck as a direct result of attempting to rescue (successfully in conjunction with an Australian icebreaker) the passengers off the Russian icebreaker, who pays the US icebreaker for the rescue of the Chinese icebreaker?
RTFS
Under international conventions observed by most countries, ships' crews are obliged to take part in such rescues and the owners carry the costs.
And how do you suppose they are to do that?
In this case, it's just a matter of making a phone call. As in "Hello, Alaskan Way Viaduct project officials? This is STP. The DOT says you bore a hole in the ground in 2002. We're just calling to make sure you guys removed the pipe."
One quick phone call. Just like that...
I'm not saying each and every danger can be predicted in a project like that, but in this case, the hazard was known and could have been fully assessed.
Also, while all potential problems can't be avoided, at $1.44Bn, they should at least try their best to minimize them.
You're assuming that they have the 10 year old documentation and that it's accurate.
I don't know about underground hazard documentation, but anyone that's every looked at as-builts for any sizeable building can tell you that the as-builts have only a loose connection to reality. The contract may have said that they pulled the casing out of the ground, but maybe it broke off 20 feet below the surface and they said "Good enough!" and just left the rest there.
From TFA:
Chris Dixon, project director for contractor group Seattle Tunnel Partners, said the builders presumed there would be no pipe in the way, because casings are customarily removed after use.
When I dig in hole in my backyard, I may presume there's nothing in the ground. That's because if I hit a snag, my cost will be the price of the shovel.
But for a $1.44B hole in the ground, I'd want to make damn sure every inch I dig through presents abolutely no risk whatsoever. And since that's taxpayer's money, if I was Seattle resident, I'd sure as hell want to know who the fuck "presumed" stuff on my money...
Actually, if you're digging in your back yard with any sort of power tools, you should still call your local utility locating service first to make sure there are no gas lines or other infrastructure buried in your back yard.
You're probably safe digging with hand tools (there's usually a marker tape or cable above more recent pipes), but if you're using something like a pickaxe or hammering a rod into the ground, you really ought to check first or you may find yourself on the hook for expensive utility repairs if you don't end up blowing up you and your house first.
Depends on the card issuer. Our credit union (Grow Financial, Tampa FL) issues Visa debit cards under the "Visa Zero Liability" policy, so we are not liable for any theft- or fraud-based charges. They just reiterated this policy in a letter we got today telling us they're replacing my wife's card due to Target charges on it "just in case." My card? I haven't charged anything at Target in many months, so no prob - and my card expires and is due for replacement next month, anyway.
Make sure you read the fine print. Visa's policy (though your issuer's may) doesn't apply to PIN transactions so if a skimmer captures your card number and PIN, you may find that you're not covered. Also the policy allows up to 5 days to credit the funds to your account, which could be a long time to wait if your checking account was drained and you have bills to pay. And, I couldn't find anything in the policy that says they will cover secondary charges like bounced check fees, etc.
The free dictionary:
http://www.thefreedictionary.com/back+door
...
Oxford:
http://www.oxforddictionaries.com/us/definition/american_english/back-door
So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly dont think it is unintended, a mistake, or an error. That means it does not fit your definition.
Note: Bold was added by me, and I did search other online dictionaries, most did not have definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Miriam-Websters, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.
You don't understand, I'm not saying that it's not a back door, nor that it's not a big glaring security whole, I'd even agree with someone that said it's irresponsible.
But there's no reason why it can't be all of those things *and* still be called a bug -- they are not mutually exclusive.
It could have even been coded that way intentionally to integrate with other software or for diagnostics or whatever and it would *still* be a bug if the functionality can be exploited for other means.
This method is for helping non techies. Tell non techie: following this 4 steps to fix your router: telnet , name, password etc etc. It is always the same to make tech support easier.
I understand why having no password or the same password for everyone is easier for tech support - this is the same reasoning that led Wifi router manufacturers to have the routerr default to an open network with no encryption -- much fewer support calls from people that don't know their WEP or WPA key.
But that doesn't mean that it's not a security vulnerability.
Enough with the sophistry. A backdoor is not a bug. It is intentional, not accidental. If you have to call it by a computerish name, call it malware. It does after all cause unwanted and malicious behavior. A device with a backdoor is defective by design and abuses the customer's trust in a way that can not be remedied by a patch.
You can call it anything you like, but if you expect to return it and get a refund, you're going to have to come up with a better reason than "The software does something it's not supposed to, I want a refund". As long as the software/hardware does reasonably what it's supposed to, the manufacturer is unlikely to grant a refund, especially a year or more after purchase. If a security vulnerability (even a big gaping one) was sufficient to get a refund, no one would pay for any software, they'd just use it for a year or two, find a security vulnerability, then return it for a refund then buy the next version, and repeat.
I agree, it's a backdoor, but I disagree that there is any reasonable hope that the manufacturer will refund your money because there's a vulnerability in their code.
There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, it's MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.
It seems like this guy stumbled upon a similar feature.
Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.
Why is a method to log into the router without any password not classified as a "vulnerability"? If I let my roommate's sketchy friend plug his laptop into the ethernet network because I don't trust him with the Wifi password, I wouldn't expect him to be able to telnet into to my wifi router without a password.
On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?
Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentional. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).
You're excused.
Unless it's a published interface that they meant to be exploited that way, it can still be classified as a bug.
bug:
A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, or in frameworks and operating systems used by such programs
Attacking the router from inside the network is only a matter of infecting a computer inside the network.
Then the compromised computer is used to modify the DNS settings.
Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.
If you can already infect inside computers, do you really need to hack the router?