[lug] Got D-Link? Got rooted?

Davide Del Vento davide.del.vento at gmail.com
Fri Oct 25 11:54:58 MDT 2013


I have one of these (and I do have some strong passwords for it).
It is not clear to me what I should do to check if I'm affected (other than
perhaps installing OpenWRT or derivative in it -- which is something in my
todo list "for when I'll have time", which with the consequences of the
flood still here has become even later than the previous "probably never").
Suggestions?
Cheers,
Davide


On Fri, Oct 25, 2013 at 10:48 AM, George S. <georges at mhsoftware.com> wrote:

>  I ran into a case where a customer's router had been reconfigured so that
> the DHCP server was handing out DNS servers in Russia. They noticed it when
> the DNS servers went offline, and anyone using DHCP couldn't actually do
> anything on the internet.
>
> They had never set a password for the admin account in the device.
>
>
> On 10/20/13 5:59 PM, Bear Giles wrote:
>
>  Magic user agent: xmlset_roodkcableoj28840ybtide. (read it backwards)
>
>
> http://www.infoworld.com/d/security/backdoor-found-in-d-link-router-firmware-code-228725
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
>
> --
> George Sexton
> MH Software, Inc.303 438-9585http://www.mhsoftware.com/
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20131025/6ea8bf0c/attachment.html>


More information about the LUG mailing list