Monday, 14 October 2013

D-Link to padlock router backdoor by Halloween

  D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.
  The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.
  Craig Heffner, a vulnerability researcher with Tactical Network Solutions, discovered and publicly reported the issue.
  “If your browser’s user agent string is ‘xmlset_roodkcableoj28840ybtide’ (no quotes), you can access the web interface without any authentication and view/change the device settings,” he wrote Saturday in a blog post.
  When read in reverse, the last part of this hard-coded value is “edit by 04882 joel backdoor.”
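  A detection sketch for the User-Agent value quoted above, added here as an example and not taken from Heffner's post or from D-Link. It assumes a proxy or sensor in front of the router's web interface writes Combined Log Format lines; the sample lines, addresses and the `/settings` path are constructed.

```python
import re
from collections import defaultdict

# Value quoted in the article; compared against the whole User-Agent header.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Combined Log Format (assumed log source):
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample input, not real traffic.
SAMPLE_LOG = [
    '192.168.0.23 - - [14/Oct/2013:09:12:01 +0000] "GET /index.htm HTTP/1.1" 401 512 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    '192.168.0.57 - - [14/Oct/2013:09:15:44 +0000] "GET /index.htm HTTP/1.1" 200 4096 "-" "xmlset_roodkcableoj28840ybtide"',
    '192.168.0.57 - - [14/Oct/2013:09:15:52 +0000] "POST /settings HTTP/1.1" 200 128 "-" "xmlset_roodkcableoj28840ybtide"',
    'truncated or malformed line',
]

def scan(lines):
    """Return ({source: [(ts, method, path, status), ...]}, unparsed_count)."""
    hits, unparsed = defaultdict(list), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # count, so gaps in coverage are visible
            continue
        if m["ua"].strip() == BACKDOOR_UA:
            hits[m["src"]].append((m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits), unparsed

def summarize(hits):
    """Per source: total requests, how many were accepted, how many could write settings."""
    return {
        src: {
            "requests": len(reqs),
            "accepted": sum(1 for r in reqs if r[3] < 400),
            "writes": sum(1 for r in reqs if r[1] in ("POST", "PUT")),
        }
        for src, reqs in hits.items()
    }

if __name__ == "__main__":
    found, skipped = scan(SAMPLE_LOG)
    print(summarize(found), "unparsed lines:", skipped)
```

  Any source listed in the output is an internal host worth investigating, since no ordinary browser sends this User-Agent.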
  D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.
  The updates will be listed on a security page on the D-Link website and in the download section of the support page for each affected product.
  The company did not clarify why the backdoor was placed in the firmware in the first place or what router models are affected.
  According to Heffner, the affected models likely include D-Link’s DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and possibly DIR-615. The BRL-04UR and BRL-04CW routers made by Planex Communications might also be vulnerable because they also appear to use the same firmware, he said.
  The risk of unauthorized access is higher for routers that have been configured for remote management and have their Web administration interface exposed to the Internet.
  However, even when the interface is only accessible from the internal network—the default setting in D-Link routers—this backdoor can still pose a threat because any visitor who connects to the wireless network or any piece of malware running on a computer inside the network can exploit it to make unauthorized changes to the router’s configuration.
  Such changes can have serious security consequences. For example, replacing the DNS (Domain Name System) servers used by the router, and therefore by every device on the network, with DNS servers controlled by an attacker would enable the attacker to redirect users to rogue websites when they try to access legitimate ones.
  “Owners of affected devices can minimize any potential risk by ensuring that their router has the Wi-Fi password enabled and that remote access is disabled,” D-Link said.
  “If you receive unsolicited emails that relate to security vulnerabilities and prompt you to action, please ignore it,” the company said. “When you click on links in such emails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.”

After the Nokia acquisition is complete (assuming it gets shareholder and regulatory approval)

  The optimist would say that Windows Phone's prospects have never been brighter. The pessimist would disagree.
  On the bright side, Microsoft just announced Windows Phone 8 Update 3, which includes new support for quad-core CPUs and phablets that helps keep its spec lists looking fresh. Moreover, the buyout of Nokia's smartphone arm will bring Redmond's largest hardware ally fully into the fold, all while BlackBerry's apparent demise topples the competition for third-largest ecosystem. All this gives the software giant a chance to at least double Windows Phone growth by 2017.
  On the other hand, Windows Phone adoption has been slow, with the OS fighting for significantly less than ten percent of mobile's international market share, while Android and iOS gobble up the overwhelming majority.
  Also, Microsoft has a problem with partners. At the moment it's trying to woo back HTC to once again expand the Windows Phone ecosystem. If that fails, Microsoft could be the only outfit making Windows phones. That single-source approach may well work for Apple, but even the iPhone is having a difficult time standing up to Android's diverse and seemingly inexhaustible players.
  Back in 2010, and once more in 2011, Microsoft pleaded for patience in getting its Windows Phone off the ground. But this year, the newest update's most visible enhancements are a modified interface for extra-large phones and the ability to close apps in multitasking mode. You can also customize text tones by contact.
  This is hardly hearty fare, but Microsoft points out that these are the most-wanted additions requested by fans.
  On the other hand, Windows Phone customers also clamor for a notification center, a file manager, a personal assistant, better storage support for microSD cards, and indicator lights that signal missed calls and alerts. Many of those have been requested since the OS debuted and have long existed on Android and iOS.
  Then there's Skype, the other company that Microsoft bought in 2011 (and for 1.3 billion more than Nokia), yet the company has yet to integrate it into Windows smartphones by default to counter Apple's FaceTime and Google Plus Hangouts. Yes, Windows Phone 8 Skype users can place calls from the People hub, after first downloading the app. What I'm talking about is making this an out-of-the-box feature.
  We do know, at least, that Microsoft is hard at work on a personal assistant of its own called Cortana, which understands natural language and can replace the legacy TellMe voice input currently in use.
  Microsoft's next update should be a major one that includes this personal assistant, notification center, and Skype integration at the very least. After the Nokia acquisition is complete (assuming it gets shareholder and regulatory approval), Windows Phone should quickly incorporate Nokia-designed software tools, like its camera add-ons, into the native OS experience.
  From where I sit, Microsoft's largest asset -- and challenge -- will be to take the big risks that make a company stand out as a player worth paying attention to. After the transition, the Windows Phone team should not just use, but push Nokia's venerable design philosophy into edgier territory.
  Microsoft should waste no time funding projects that explore and apply new finishes and materials (like continuing its work on graphene), publish some wacky proofs of concept (like this one from 2011, also below), and perhaps create a high-end luxury phone of its own.
  Why? Microsoft's Windows Phone project has spent its lifetime being reactionary, trying to catch up to Apple and Google without really managing to keep pace. This isn't the time to be conservative with cookie-cutter design and features that are just good enough.