Belkin To Offer Firmware Fix For Router Hijacking
Posted by timothy on Mon Nov 10, 2003 08:28 PM
from the testing-the-waters dept.
L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming.
Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."
"anonymous usage statistics?" (Score:5, Interesting)
My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?
It's a good bet from the manufacturers that the device will be online all the time.
Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?
henc
Re:"anonymous usage statistics?" (Score:4, Funny)
- Redirecting all non-existent domains to "sitefinder"
Is this the year for the most stupid marketing ideas on the planet?
Re:"anonymous usage statistics?" (Score:5, Funny)
They'll think of something else that's worse, more intrusive, etc. every eighteen months or so.
I hereby dub this law to be known as "Xeno's law"
The first corollary is that the average IQ of marketers is thought to be a monotone decreasing function which tends to zero.
IQ of marketers = - (IQ of sensible person) (Score:3, Informative)
From the parent post: "... average IQ of marketers
The average IQ of some marketers is less than zero. They are very intelligent in being destructive to their companies, meaning they have a high negative IQ. Deciding to include router hijacking is not something an ignorant person could do.
The router hijacking idea was a product of considerable creative thinking [slashdot.org]. And Belkin's router project manager Eric Deming made himself semi-famous on Slashdot. Not everyone could do that!
Thi
Unemployed? Want a job? (Score:5, Funny)
In case you would like to apply for Mr. Deming's job, it's available [belkin.com]. (Scroll down to "Marketing Manager"). Or, just write careers@belkin.com.
Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".
Re:"anonymous usage statistics?" (Score:5, Funny)
In order to decrease by half it first must decrease by half of that.
In order to decrease by half of that, it must first decrease by half of that, and so on.
So it would seem that the IQ can never actually decrease at all.
This would imply that the IQ must start at 0.
You could call this something spiffy.. Xeno's Paradox maybe.
Re:"anonymous usage statistics?" (Score:4, Funny)
Ignoring Newton makes Baby Jesus cry.
Re:"anonymous usage statistics?" (Score:3, Insightful)
Uh, x^(1/2) is a monotonically decreasing function that tends to zero.
Re:"anonymous usage statistics?" (Score:5, Funny)
Brownian Intelligence?
Re:"anonymous usage statistics?" (Score:4, Interesting)
I really appreciate the folks who spend the time to figure out these things instead of writing it off as little "quirks" or accepting the line from tech support that you have to get "used to the product".
My brother actually got this line from a Fujitsu tech support guy when he complained that his laptop didn't always read the CD-ROM when a new one was inserted and the fact that the laptop didn't shut down when told to (it would just restart). This was in 1999, BTW.
Re:"anonymous usage statistics?" (Score:5, Interesting)
The router allows Windows XP to bypass normal user/administrator authentication on the router, and add entries to the firewall table. Have a look at the firewall page on the router, and see if there are two entries for "msmsgs" that you didn't make. Ever wonder how those got there, especially in light of the fact your router is supposed to be password protected? Gee, thanks D-Link!
Conceivably, any schmuck out there could easily write a virus that pollutes the firewall table in the same manner. I'm surprised nobody has done so already.
Re:"anonymous usage statistics?" (Score:5, Informative)
The MSN Messenger protocol requires you to listen to certain ports and if you're behind a NAT firewall then it doesn't work properly so it uses UPNP. From what I gather, anything which knows about UPNP can request ports to be opened.
It's not a specific thing from D-Link. A lot of new routers now support it.
Re:"anonymous usage statistics?" (Score:5, Informative)
Keep in mind, when these "msmsgs" (Which I think is the spam-happy Microsoft Messaging service, not MSN Messenger) entries pop up, they occupy HUGE swathes of IP space. Literally, tens of thousands of ports.
I originally noticed this problem while playing RTCW. Periodically, I wouldn't be able to log on to any servers, because the goddamn msmsgs entries in the firewall table would encompass the port range where RTCW servers reside (port 27000-30000 or so)... Huge areas of IP space, sometimes >20000 ports wide.
Did I mention you can't delete these "msmsgs" entries?
Yup. Not only are they added to the firewall table without your permission, you can't get rid of them. The only way you can remove those entries is by restoring factory defaults and rebooting. It took me 4 or 5 repetitions of this process to figure out what the fuck was going on.
D-Link, if you're listening, fix your goddamn router.
RE: UPNP service (Score:3, Informative)
I'm just a little bit surprised routers are actually making use of it now. I guess it's all about pressure put on them to make it easier for people to run special services from multiple computers (since NAT firewalls make you redirect traffic to one specific IP o
Re:D-Link PnP (Score:5, Funny)
I just wish there was a more adequate explanation of UPnP in the manual. Here's a copy of it, taken directly from the manual:
"UPnP is short for Universal Plug and Play which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. The DI-604 is a UPnP enabled router and will only work with other UPnP devices/softwares. If you do not want to use the UPnP functionality, it can be disabled by selecting "Disabled"."
It should read:
"Leaving this stupid fucking feature on leaves you bent-over and spread-cheeked for when a piece of malicious software comes along and decides to block every damn port on our router. UPnP allows changes to be made without your knowledge OR consent--it allows any program to totally bypass user/admin authentication. As an added bonus, entries committed via this backdoor^H^H^H^H^H^H^H^H"feature" can't be removed without first factory-defaulting the whole goddamn router and rebooting it. Anyway, Microsoft wants us to put it here and leave it on by default. Click the box to disable it."
I think my explanation is much clearer, don't you?
Re:"anonymous usage statistics?" (Score:3, Informative)
The disguise of convenience for the home user at the cost of security (which the poor bastard doesn't even know he's giving up) to save the manufacturer the expense and pain in the ass of telling him how to properly configure the device.
The fact that it allows devices and apps to open their own outgoing doors without asking permission is just icing on the cake for the manufa
Turn off UPnP. (Score:3, Informative)
It's on Tools->Misc.
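For anyone who leaves UPnP on, the comments above suggest looking at the firewall table for entries you did not create. The following is an added example, not code from the thread or from D-Link: it parses replies in the shape of the UPnP IGD `GetGenericPortMappingEntry` action and lists enabled mappings that are not on an administrator's allow-list. The SOAP replies, addresses, ports and the `APPROVED` list are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed SOAP reply in the shape of a UPnP IGD WANIPConnection:1
# GetGenericPortMappingEntry response. All values below are sample data.
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    '<s:Body><u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewRemoteHost></NewRemoteHost>'
    '<NewExternalPort>{port}</NewExternalPort>'
    '<NewProtocol>{proto}</NewProtocol>'
    '<NewInternalPort>{port}</NewInternalPort>'
    '<NewInternalClient>{client}</NewInternalClient>'
    '<NewEnabled>1</NewEnabled>'
    '<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
    '<NewLeaseDuration>{lease}</NewLeaseDuration>'
    '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
)
SAMPLE_REPLIES = [
    TEMPLATE.format(port=8080, proto="TCP", client="192.168.0.10",
                    desc="web", lease=3600),
    TEMPLATE.format(port=27015, proto="UDP", client="192.168.0.100",
                    desc="msmsgs", lease=0),
    TEMPLATE.format(port=27016, proto="TCP", client="192.168.0.100",
                    desc="msmsgs", lease=0),
]

# Mappings the administrator created on purpose (hypothetical allow-list).
APPROVED = {("TCP", 8080, "192.168.0.10")}


def parse_mapping(soap_xml):
    """Return the New* arguments of one reply as a dict without the prefix."""
    entry = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace
        if name.startswith("New"):
            entry[name[3:]] = (el.text or "").strip()
    return entry


def audit(replies, approved):
    """List enabled mappings that are not on the approved list."""
    findings = []
    for reply in replies:
        e = parse_mapping(reply)
        key = (e["Protocol"].upper(), int(e["ExternalPort"]),
               e["InternalClient"])
        if e.get("Enabled") != "1" or key in approved:
            continue
        notes = []
        if e.get("LeaseDuration", "0") == "0":
            notes.append("no lease expiry")      # 0 means a static mapping
        if not e.get("RemoteHost"):
            notes.append("any remote host")      # empty means wildcard
        findings.append({"mapping": key,
                         "description": e.get("PortMappingDescription", ""),
                         "notes": notes})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REPLIES, APPROVED):
        print(f["mapping"], f["description"], ", ".join(f["notes"]))
```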
I've got a fix... (Score:5, Interesting)
Seriously, Belkin's response to this has been utterly abysmal. First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.
They've lost a great deal of trust that they will never regain.
Re:I've got a fix... (Score:4, Insightful)
Will anybody affected ever buy TurboTax Again?
You think anybody will buy Belkin after this act of stupidity?
These companies just need a couple dozen average slashdot-type geeks to filter their ideas through. We would weed a lot of this stupid crap out. Hell, they could have just posted the idea in the newsgroup and watched the flames pour in.
Somebody will get fired over this...
Davak
Re:I've got a fix... (Score:5, Insightful)
Sure, among uber-geeks and /.'ers. John Q. Public who purchased these Routers was doubtless annoyed by it, but John Q. Public who is still in the market and who (likely) hasn't heard about it will still consider buying Belkin products.
Two questions/points would spring to mind:
1) I pity the poor Level 1 techs at Belkin who are going to have to walk all the Mom & Pop users through flashing the firmware.
2) I wonder how many units are still sitting on store shelves with the old firmware in them? This could haunt Belkin for quite some time yet.
Personally, I have experience with Linksys, Belkin and Netgear NAT routers. I'll be sticking with my Duron based $250 Linux box and iptables :) So what if it uses 50+ kilowatt hours of power a month ;)
Re:I've got a fix... (Score:4, Insightful)
What's a web interface? How do I login? Where do I type in that address? What's number lock? Do I need to plug the router in first? If I unplugged the router by accident in the middle of the upgrade am I in trouble?
Sorry, again, "I pity the poor Level 1 techs at Belkin who are going to have to walk all the Mom & Pop users through flashing the firmware".
(And yes before I'm modded flamebait that was the disgruntled ramblings of a former Level 1 support tech ;)
Re:I've got a fix... (Score:5, Funny)
The web? Isn't that like AOL?
Sorry, that was too easy. I should probably lose some of my cynicism :P It's been reinforced too much by end users.
In all seriousness though, I think "web interface" would confuse them, whereas if you said "We are going to a special webpage in Internet Explorer" or something along those lines you'd have better luck. Or maybe not. Never underestimate the stupidity of an end-user....
Re:I've got a fix... (Score:3, Interesting)
You entirely missed the point of my original comment, which was "I pity the poor Level 1....." Just because you can do it, doesn't mean you want to. Give me 5 or 10 minutes I can walk just about anybody through doing anything. That doesn't mean I enjoy doing so.
My point being, that the Belkin tech support ppl (or whoever they outsource it
In case their message changes again... (Score:3, Informative)
"We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you."
If anyone has the testy version, post that too! I'm curious.
Re:In case their message changes again... (Score:4, Informative)
"Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you."
Original Snippy Message (Score:5, Informative)
Karma whoring for fun and profit....
The old message? from Google cache (Score:5, Informative)
cache here [216.239.37.104] (as of 10 Nov 2003 20:43 EST):
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Re:The old message? from Google cache (Score:5, Interesting)
The original reply from Eric Deming ("a product manager for Belkin's LAN products and
Malev [google.com]
Clifton T. Sharp Jr. [google.com]
dave [google.com]
And even a simple text mirror outside Google's domain provided by Steven J Sobol [stevesobol.com].
The removed message was replaced by a very familiar sounding post again from Eric Deming. Google Groups currently has its own copy available [google.com] (at the time of this writing). But others have already begun the process of burying [google.com] the text - probably due to previous experience.
Of course - if all these sources fail you... you can always find the same text buried in reader comments from the initial Slashdot article mentioned in this article's submission.
original message text (Score:5, Informative)
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Now we have the more concise and conciliatory
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Re:original message text (Score:5, Funny)
Mynd you, moose bites Kan be pretty nasti...
We apologise again for the fault in the router. Those responsible for sacking the people who have just been sacked have been sacked.
--Humba
Re:original message text (Score:5, Insightful)
It is really, really basic. It's a form of the Golden Rule. "Would this be acceptable to us if someone did it to us?" Or, "would our customers find this acceptable if another company did it?"
The marketing types responsible for this are demonstrably liabilities to Belkin and should be dismissed. As if...
I am such a Karma Whore (Score:3, Informative)
Here's an article about their stupid response [dslreports.com].
Here's the original Slashdot article [slashdot.org].
Speaking of routers... (Score:3, Interesting)
lemme guess... (Score:5, Funny)
Brouhaha over nothing (Score:3, Interesting)
Yes, I was annoyed, but no more than from mandatory product registrations or e-mails I receive from e-tailers from whom I've bought something. In the grand scheme of things, I'm used to the abuse. Today's standard practice is to let the customer opt-out after the first annoying sales pitch.
I honestly was surprised to see this issue posted on
Re:Brouhaha over nothing (Score:5, Insightful)
Advertising shouldn't be on a product that is paid for. The router should do only one thing: route packets. Anything else, if it drops packets, rewrites packets (which it does), etc, then it doesn't work properly, and a complaint to Belkin is in order, along with a request for an RMA#. If the router is designed not to work properly (as it seems), then we need to file a report with the FTC.
That's the tragedy (Score:4, Insightful)
This is what is really bad, and why Belkin thought they could get away with this crap. We have become used to the abuse. We need to stand up and say, "I'm mad as hell, and I'm not gonna take it anymore!"
The incredibly onerous and annoying contracts that have become standard parts of software licenses are starting to creep out of the fine print of click-through EULA's that no one ever reads and into everyday life. I think hardware companies look enviously at software companies, with their "no responsibility for the company/no rights for the user" legal disclaimers. They are increasingly trying to get the same kind of weaselly deals for themselves.
But actual physical products are a different animal, and you can't hide how you're screwing the customer behind an "agree" button. If EULA's weren't such confusing legalese, and people actually bothered to understand what they are actually "agreeing" to, I believe we'd all make a bigger stink about it. Fortunately, it's more obvious when physical items try to act like virtual ones.
Userfriendly cartoon bashing... (Score:3, Funny)
UserFriendly ad [userfriendly.org]
The damage is done (Score:4, Insightful)
I had considered switching over to one of these devices (I have periodic problems with the hard disk failing, and I am running out of small hard disk replacements for it
I would strongly urge anyone else savvy with Linux or even *BSD administration to strongly consider this route. Belkin just proved that you can't trust anyone to route your data with a "black box" solution. OK, maybe not Cisco, but are you gonna fork over $10k for a home router?
(Yes I know Cisco just bought Linksys; I still won't trust 'em)
It's a quality thing (Score:4, Insightful)
Trouble is, we buy products because it is good for us, not good for the manufacturer. They seem to have lost sight of it, although may have realised their mistake (or equally likely they haven't realised it, but it's just they dislike the bad publicity).
Either way, it speaks volumes of their corporate decision making. In my experience, corporate decision making is at best, of highly variable quality; managers try to come up with just slightly too clever schemes that try to raise profits at the (non financial) expense of the customer. These things add negative qualities to the product. Why would you ever want to do that?
Actually, that was the first message (Score:3, Informative)
Then, either Saturday or Sunday, they changed it to the far less likable one, which was much closer to Eric Deming's original reply in the usenet thread (which, oddly enough, was deleted from google groups). The problem is that it seemed more that they were trying to spin than acknowledge the problem. Methinks that they went back to the first version because they realized that they couldn't spin it at all.
Too little, too late (Score:5, Insightful)
All that backing off here is doing, is admitting that they pushed a bit too hard. Nobody can tell me that the goal of Belkin has changed, or is any different from VeriSign's. They want to manipulate the infrastructure of the internet. They want control over my computer, and how it works.
Fuck 'em. They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.
Canned email reply from Belkin (Score:3, Informative)
It doesn't really tell us anything new, except that Belkin seems to be missing the point entirely, defending their "feature" and not mentioning anything about any upcoming firmware fixes.
Can I bill Belkin for field installation? (Score:4, Insightful)
not buying Belkin (Score:3)
The sooner hardware manufacturers realize that pulling stunts like this results in some sort of backlash which affects their bottom line, the better.
Re:not buying Belkin (Score:4, Insightful)
Hey, not to rise to Belkin's defense (because I'm not too hip on their products.... got a dead USB hub from them once... and a dead USB add-on card a week later, both RMA'ed and replaced though, but still...), but does anybody seriously think this was an intentional stunt?
More likely than not, this was the brainchild of some idiot in marketing, who will probably lose his job over it. One of those ideas that looks great on paper and blows up in your face when released to the world. It's happened to all of us at one point or another (though probably not to this scale).
Now that doesn't excuse the initial statement on the website defending the feature. But again, that was probably the brainchild of some idiot in PR saying "We can't admit we made a mistake". Fortunately, it seems that smarter heads prevailed in this case.
Revised Email Sig (Score:3, Informative)
Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
"I installed topdesk and it belkined my browser."
"VeriSign's SiteFinder belkined the
Belkin products are broken as designed. http://slashdot.org/article.pl?sid=03/11/07/17402
Belkin has recanted and claims they will issue a patch. Good. Now all they have to do for me to remove this
What about the backdoor? (Score:5, Insightful)
Most Smoking Crack Operation? (Score:5, Funny)
Who smoked the most crack in 2003?
(_) SCO
(_) Belkin
(_) Verisign
(_) CowboyNeal
(_) *A
(_) All of the above
This was informative? (Score:4, Interesting)
2) What if you're NOT using a browser for your applications? What if you're using SOAP or XML-RPC for something? In either of those cases, Belkin's little advert thing will BREAK things.
3) When I install software, I don't get ads about new products when I'm installing. This includes GAMES.
I don't care HOW you'd like to rationalize it- what Belkin did was way over the top stupid.
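A non-browser client such as the SOAP or XML-RPC callers mentioned in the comment above can notice an intercepted reply by checking it before handing it to the parser. This is an added example, not part of the original thread; the thread does not say how the router delivers its page, so the 302 redirect and injected-HTML forms, the host names and the sample responses below are constructed assumptions.

```python
from email.parser import Parser
from urllib.parse import urlsplit

# Constructed sample responses to a request for REQUESTED (all hypothetical).
REQUESTED = "http://rpc.example.test/RPC2"
GENUINE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n"
           b'<?xml version="1.0"?><methodResponse><params><param>'
           b"<value><int>4</int></value></param></params></methodResponse>")
REDIRECTED = (b"HTTP/1.1 302 Found\r\n"
              b"Location: http://ads.example.invalid/trial\r\n"
              b"Content-Length: 0\r\n\r\n")
INJECTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><body>Try our free trial</body></html>")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.decode("iso-8859-1").partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = Parser().parsestr(header_block.replace("\r\n", "\n") + "\n\n")
    return status, headers, body


def hijack_indicators(requested_url, raw, expected_type="text/xml"):
    """Return reasons why this reply does not look like the service's own."""
    status, headers, body = parse_response(raw)
    want_host = urlsplit(requested_url).hostname
    reasons = []
    if 300 <= status < 400:
        # A redirect that leaves the requested host is never followed blindly.
        target = urlsplit(headers.get("Location", "")).hostname
        if target and target != want_host:
            reasons.append("redirect to other host: " + target)
    elif status == 200:
        got = headers.get_content_type()
        if got != expected_type:
            reasons.append("content type %s, expected %s" % (got, expected_type))
        elif expected_type == "text/xml" and not body.lstrip().startswith(b"<?xml"):
            reasons.append("body is not an XML document")
    return reasons


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("redirected", REDIRECTED),
                      ("injected", INJECTED)):
        print(name, hijack_indicators(REQUESTED, raw) or "ok")
```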