Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Linksys WRT54g security

Reply
Thread Tools

Linksys WRT54g security

 
 
KewlKiwi
Guest
Posts: n/a
 
      10-01-2005
See:

<http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857,00.html?track=NL-105&ad=529860>

or http://tinyurl.com/a736k
 
Reply With Quote
 
 
 
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      10-01-2005
In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
wrote:

><http://searchsecurity.techtarget.com...d14_gci1124857
>,00.html?track=NL-105&ad=529860>


That article is dated over two weeks ago. And guess what
<http://www.linksys.com/servlet/Satel...2FLayout&packe
dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
released from four days ago.

Things move fast in the open-source world...
 
Reply With Quote
 
 
 
 
Mercury
Guest
Posts: n/a
 
      10-01-2005
so much for your many eyes theory then. how do you explain the exploit being
there in the first place?

"Things move fast in the open-source world..."

hmmm. fix on fail? superior coding, best programmers, least code flaws?

"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
news:(E-Mail Removed)...
> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
> wrote:
>
>><http://searchsecurity.techtarget.com...d14_gci1124857
>>,00.html?track=NL-105&ad=529860>

>
> That article is dated over two weeks ago. And guess what
> <http://www.linksys.com/servlet/Satel...2FLayout&packe
> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
> released from four days ago.
>
> Things move fast in the open-source world...



 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      10-01-2005
In article <dhlmvq$o64$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
wrote:

>so much for your many eyes theory then. how do you explain the exploit being
>there in the first place?
>
>"Things move fast in the open-source world..."
>
>hmmm. fix on fail? superior coding, best programmers, least code flaws?
>
>"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
>news:(E-Mail Removed)...
>> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
>> wrote:
>>
>>><http://searchsecurity.techtarget.com...sid14_gci11248
>>>57
>>>,00.html?track=NL-105&ad=529860>

>>
>> That article is dated over two weeks ago. And guess what
>> <http://www.linksys.com/servlet/Satel...2FLayout&packe
>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
>> released from four days ago.
>>
>> Things move fast in the open-source world...


Better than not fixing the problem at all
<http://groups.google.co.nz/group/nz.comp/msg/0b84b3efc7ec5ce4>...
 
Reply With Quote
 
-=rjh=-
Guest
Posts: n/a
 
      10-01-2005
Lawrence D'Oliveiro wrote:
> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
> wrote:
>
>
>><http://searchsecurity.techtarget.com...d14_gci1124857
>>,00.html?track=NL-105&ad=529860>

>
>
> That article is dated over two weeks ago. And guess what
> <http://www.linksys.com/servlet/Satel...2FLayout&packe
> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
> released from four days ago.
>
> Things move fast in the open-source world...


Not sure where you are seeing that: the firmware version that fixes all
these vulnerabilities appears to be 4.20.7 which is dated 25/8/2005,
with nothing newer that I can see. So this was fixed five weeks ago, ie
3 weeks before the article.

I've got a GS, which doesn't appear to be affected but hard to be sure.

Also, since this is a security issue, why are owners dependent on chance
mentions in media and newsgroups to be made aware of these issues? The
industry really needs to get its act together on this kind of thing. For
example, why can't the AP have an option to check for updates or
information and add it to the logs?
 
Reply With Quote
 
Richard
Guest
Posts: n/a
 
      10-01-2005
-=rjh=- wrote:
> Lawrence D'Oliveiro wrote:
>
>> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
>> wrote:
>>
>>
>>> <http://searchsecurity.techtarget.com...d14_gci1124857
>>>
>>> ,00.html?track=NL-105&ad=529860>

>>
>>
>>
>> That article is dated over two weeks ago. And guess what
>> <http://www.linksys.com/servlet/Satel...2FLayout&packe
>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
>> released from four days ago.
>>
>> Things move fast in the open-source world...

>
>
> Not sure where you are seeing that: the firmware version that fixes all
> these vulnerabilities appears to be 4.20.7 which is dated 25/8/2005,
> with nothing newer that I can see. So this was fixed five weeks ago, ie
> 3 weeks before the article.
>
> I've got a GS, which doesn't appear to be affected but hard to be sure.
>
> Also, since this is a security issue, why are owners dependent on chance
> mentions in media and newsgroups to be made aware of these issues? The
> industry really needs to get its act together on this kind of thing. For
> example, why can't the AP have an option to check for updates or
> information and add it to the logs?


All those flaws are in the web interface on the router, and if someone has
access to that then you already have problems because they are _on your lan_ -
It will however be of concern if you have the remote administration turned on
however.
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      10-02-2005
In article <433e739c$(E-Mail Removed)>, -=rjh=- <(E-Mail Removed)>
wrote:

>Lawrence D'Oliveiro wrote:
>> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
>> wrote:
>>
>>><http://searchsecurity.techtarget.com...sid14_gci11248
>>>57
>>>,00.html?track=NL-105&ad=529860>

>>
>>
>> That article is dated over two weeks ago. And guess what
>> <http://www.linksys.com/servlet/Satel...2FLayout&packe
>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
>> released from four days ago.
>>
>> Things move fast in the open-source world...

>
>Not sure where you are seeing that: the firmware version that fixes all
>these vulnerabilities appears to be 4.20.7 which is dated 25/8/2005,
>with nothing newer that I can see. So this was fixed five weeks ago, ie
>3 weeks before the article.


See, things move *really* fast in the open-source world.

>I've got a GS, which doesn't appear to be affected but hard to be sure.
>
>Also, since this is a security issue, why are owners dependent on chance
>mentions in media and newsgroups to be made aware of these issues? The
>industry really needs to get its act together on this kind of thing. For
>example, why can't the AP have an option to check for updates or
>information and add it to the logs?


I suppose this could be added in one of the third-party firmware distros.

Or alternatively, why not just have one of your actual PCs set up to do
the check...
 
Reply With Quote
 
Mercury
Guest
Posts: n/a
 
      10-04-2005
now explain the exploit.

"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
news:(E-Mail Removed)...
> In article <dhlmvq$o64$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
> wrote:
>
>>so much for your many eyes theory then. how do you explain the exploit
>>being
>>there in the first place?
>>
>>"Things move fast in the open-source world..."
>>
>>hmmm. fix on fail? superior coding, best programmers, least code flaws?
>>
>>"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
>>news:(E-Mail Removed)...
>>> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>
>>> wrote:
>>>
>>>><http://searchsecurity.techtarget.com...sid14_gci11248
>>>>57
>>>>,00.html?track=NL-105&ad=529860>
>>>
>>> That article is dated over two weeks ago. And guess what
>>> <http://www.linksys.com/servlet/Satel...2FLayout&packe
>>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
>>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
>>> released from four days ago.
>>>
>>> Things move fast in the open-source world...

>
> Better than not fixing the problem at all
> <http://groups.google.co.nz/group/nz.comp/msg/0b84b3efc7ec5ce4>...



 
Reply With Quote
 
shannon
Guest
Posts: n/a
 
      10-04-2005
Mercury wrote:
> now explain the exploit.
>


why bother
read setup recommendations
turn on encryption
disable wireless access to web interface
 
Reply With Quote
 
Lawrence D'Oliveiro
Guest
Posts: n/a
 
      10-05-2005
In article <dht964$t1m$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
wrote:

>now explain the exploit.
>
>"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message


Why,

>news:(E-Mail Removed)...
>> In article <dhlmvq$o64$(E-Mail Removed)>, "Mercury" <(E-Mail Removed)>
>> wrote:
>>
>>>so much for your many eyes theory then. how do you explain the exploit
>>>being
>>>there in the first place?


don't

>>>
>>>"Things move fast in the open-source world..."
>>>
>>>hmmm. fix on fail? superior coding, best programmers, least code flaws?
>>>
>>>"Lawrence D'Oliveiro" <(E-Mail Removed)_zealand> wrote in message
>>>news:(E-Mail Removed)...
>>>> In article <433e447a$(E-Mail Removed)>, KewlKiwi <(E-Mail Removed)>


you

>>>> wrote:
>>>>
>>>>><http://searchsecurity.techtarget.com...2,sid14_gci112
>>>>>48
>>>>>57
>>>>>,00.html?track=NL-105&ad=529860>
>>>>
>>>> That article is dated over two weeks ago. And guess what


understand

>>>> <http://www.linksys.com/servlet/Satel...2FLayout&packe
>>>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sk u%3D1127782957298&pagen
>>>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
>>>> released from four days ago.
>>>>
>>>> Things move fast in the open-source world...

>>
>> Better than not fixing the problem at all
>> <http://groups.google.co.nz/group/nz.comp/msg/0b84b3efc7ec5ce4>...


it?
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linksys WRT54G as a repeater or print server? Neil Barras Wireless Networking 1 11-30-2004 12:44 AM
Linksys WRT54G and WPC54G network problems =?Utf-8?B?Q2F2?= Wireless Networking 5 10-31-2004 08:19 PM
LinkSys WPC54G Stopped getting DHCP address from WRT54G after XP SP2 update Marcel Bernards Wireless Networking 4 09-11-2004 08:25 PM
My Wit's End with Wireless (Gateway M1300 Tablet PC and Linksys WRT54G) David Lipetz Wireless Networking 20 09-07-2004 06:00 PM
Gateway M1300 TabletPC & Linksys WRT54G: WLAN Connection Drops David Lipetz Wireless Networking 2 08-26-2004 02:22 PM



Advertisments