Backdoor found in D-Link router firmware code

  • Sports
  • Technology
  • Technology
    » Backdoor found in D-Link router firmware code

    By Jeremy
    Kirk, IDG News Service

    A backdoor found in
    firmware used in several D-Link routers could allow an attacker to change a
    device’s settings, a serious security problem that could be used for
    surveillance.

    Craig
    Heffner
    , a vulnerability researcher with Tactical Network Solutions
    who specializes in wireless and embedded systems, found the vulnerability.
    Heffner wrote on his blog
    that the web interface for some D-Link routers could be accessed if a
    browser’s user agent string is set to “xmlset_roodkcableoj28840ybtide.”

    Curiously,
    if the second half of the user agent string is reversed and the number is
    removed, it reads “edit by joel backdoor,” suggesting it was intentionally
    placed there.

    “My guess is that the developers realized
    that some programs/services needed to be able to change the device’s settings
    automatically,” Heffner wrote. “Realizing that the web server already had all
    the code to change these settings, they decided to just send requests to the
    web server whenever they needed to change something.

    To
    read this article in full or to leave a comment, please click
    here

    Via: Technology

    Related Posts

    Recent
    Posts

    Categories

    Archives

    Categories

    Recent Posts

    Hair Care Tips |
    Top Ten
    Things
    | Bridal
    Makeup Tips
    function et_search_bar(){var $searchform =
    jQuery(‘#header div#search-form’),$searchinput =
    $searchform.find(“input#searchinput”),searchvalue =
    $searchinput.val();$searchinput.focus(function(){if (jQuery(this).val() ===
    searchvalue) jQuery(this).val(“”);}).blur(function(){if
    (jQuery(this).val() === “”)
    jQuery(this).val(searchvalue);});}jQuery(“.js ul.nav a, .js ul.nav ul a,
    .js ul.nav ul li, .js ul.nav li.sfHover ul, .js ul.nav li li.sfHover ul, .js
    div.category a, .js span.month, .js span.date, .js h2.title, .js p.postinfo,
    .js #tabbed-area li a, .js #sidebar h3.widgettitle, .js .wp-pagenavi
    span.current, .js .wp-pagenavi span.extend, .js .wp-pagenavi a, .js
    .wp-pagenavi span, .js #footer h3.title, .js .info-panel h3.infotitle, .js
    .post-text h1.title, .js .cufon-disabled .blog-title a, .js p.post-meta, .js
    h3#comments, .js span.fn, .js span.fn a, .js .commentmetadata span.month, .js
    .commentmetadata
    span.date”).css(‘text-indent’,’0px’);jQuery(“ul.nav > li >
    ul”).prev(“a”).attr(“href”,”#”);jQuery(‘.entry’).click(function(){window.location
    = jQuery(this).find(‘.title a’).attr(‘href’);});Cufon.now();});//]]
    bestthemeswordpress.combest wordpress themes
    magazine wordpress
    themes
    restaurant wordpress
    themes

    Leave a Comment

    Your email address will not be published.