Language Selection

English French German Italian Portuguese Spanish

Easter egg: DSL router patch merely hides backdoor instead of closing it

Filed under
Hardware
Security
Legal

First, DSL router owners got an unwelcome Christmas present. Now, the same gift is back as an Easter egg. The same security researcher who originally discovered a backdoor in 24 models of wireless DSL routers has found that a patch intended to fix that problem doesn’t actually get rid of the backdoor—it just conceals it. And the nature of the “fix” suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was an intentional feature to begin with.

Back in December, Eloi Vanderbecken of Synacktiv Digital Security was visiting his family for the Christmas holiday, and for various reasons he had the need to gain administrative access to their Linksys WAG200G DSL gateway over Wi-Fi. He discovered that the device was listening on an undocumented Internet Protocol port number, and after analyzing the code in the firmware, he found that the port could be used to send administrative commands to the router without a password.

After Vanderbecken published his results, others confirmed that the same backdoor existed on other systems based on the same Sercomm modem, including home routers from Netgear, Cisco (both under the Cisco and Linksys brands), and Diamond. In January, Netgear and other vendors published a new version of the firmware that was supposed to close the back door.

Read more

More in Tux Machines

digiKam Software Collection 4.3.0 released...

After a long bugs triage, we have worked hard also to close your reported issues.. A long list of the issues closed in digiKam 4.3.0 is available through the KDE Bugtracking System. Read more

Seneca College realizes value of open source

Red Hat has done a lot of work with CDOT, lately specializing in Fedora for ARM processors. Pidora, the Fedora Linux Remix specifically targeted to the Rasberry Pi, was primarily developed at CDOT. Another company that we have been working with lately is Blindside Networks. They do a lot of work with CDOT on the BigBlueButton project, which is a web conferencing tool for online education. NexJ is a Toronto-based software development firm that has worked with CDOT on various aspects of open health tools on the server side and integration of medical devices with smart phones. We have recently started working on the edX platform, where developers around the globe are working to create a next-generation online learning platform. Read more

Today in Techrights

Initial impressions of PCLinuxOS 2014.08

I spend more time looking at the family trees of Linux distributions than I do looking at my own family tree. I find it interesting to see how distributions grow from their parent distribution, either acting as an extra layer of features which regularly re-bases itself or as a separate fork. New distributions usually tend to remain similar in most ways to their parent distro, using the same package manager and maintaining similar philosophies. When I look at the family trees of Linux distributions one project stands out more than others: PCLinuxOS. Read more