Earlier this year, in January, SourceSec Security Research published an exploit, which is in fact just a SOAP packet that allows users to set admin passwords (on the LAN, unless someone finds a way to use HNAP over the WAN) on some routers. I have reason to believe that it in fact affects all routers supporting HNAP.
The details:
http://www.sourcesec.com/tag/hnap/
D-Link replied and stated some things which I think were stupid, such as that it can only be exploited with the software (which, as I see it, does nothing more than inject a SOAP packet, because there is no authentication). I believe anyone with some SOAP knowledge is able to just send the packet over, or simply run the bash scripts available on the website.
The argument about which firmware versions are affected is probably an oversight by the security researcher, but D-Link should spend more time checking which firmware is affected instead of checking which of the listed firmware versions did not exist!
BUT, this is the best part. Singapore telco Starhub has some promotion for their users to get D-Link products (for free I guess) and D-Link has even created a special page for Starhub users.
Here is the "Download" page for the Starhub equipment on D-Link:
http://www.dlink.com.sg/Starhub/downloads.asp
The best part is, look at that firmware. It is ancient! The link still works, but it seems like this page is totally forgotten and they will probably not update it any further. What this means is that all Starhub users who follow this link will believe that this is the latest firmware available for their routers. Take, for example, the DIR-655. The vulnerability is only fixed in 1.33NA, which has the following update notes:
¤ Fixed: Correct HNAP issue.
¤ Fixed: DNS relay issue ( WAN Slowdown )
¤ Added: Advanced DNS descriptions
And we still have 1.11 on the Starhub page. To add some damage to this, 1.33NA is essentially for North America. I had tried looking for 1.33WW (World Wide) and the only thing that came close is from the Russia FTP, which may very well end up giving you a Russian web interface (unconfirmed).
Has D-Link forsaken the rest of the world on DIR-655? Well, share your thoughts here in the comments.
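For anyone who wants to see whether HNAP calls like this are hitting their own router, here is an added example (not from the original post or from SourceSec) that flags unauthenticated HNAP requests in captured HTTP traffic. The `/HNAP1/` path, the `SOAPAction` header convention, HTTP Basic credentials and all sample requests are assumptions constructed for illustration.

```python
# Added example: flag HNAP SOAP calls that arrive without credentials.
# Assumed (not in the post): /HNAP1/ path, SOAPAction header, HTTP Basic auth.
from email.parser import Parser

# Constructed sample capture: (source IP, raw HTTP request head). Not real traffic.
SAMPLE_CAPTURE = [
    ("192.168.0.23", 'POST /HNAP1/ HTTP/1.1\r\nHost: 192.168.0.1\r\n'
     'SOAPAction: "http://purenetworks.com/HNAP1/SetDeviceSettings"\r\n\r\n'),
    ("192.168.0.10", 'POST /HNAP1/ HTTP/1.1\r\nHost: 192.168.0.1\r\n'
     'Authorization: Basic PLACEHOLDER\r\n'
     'soapaction: "http://purenetworks.com/HNAP1/SetDeviceSettings"\r\n\r\n'),
    ("192.168.0.10", 'GET /index.html HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n'),
    ("192.168.0.23", 'POST /HNAP1/ HTTP/1.1\r\nHost: 192.168.0.1\r\n'
     'SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings"\r\n\r\n'),
]

def parse_head(raw):
    """Split a raw request head into (method, path, case-insensitive headers)."""
    request_line, _, header_block = raw.partition("\r\n")
    parts = request_line.split()
    if len(parts) != 3:
        return None  # malformed request line; cannot be classified
    method, path, _version = parts
    return method, path, Parser().parsestr(header_block, headersonly=True)

def hnap_findings(capture):
    """Return one finding per HNAP call: (src, action, has_credentials, severity)."""
    findings = []
    for src, raw in capture:
        parsed = parse_head(raw)
        if parsed is None:
            continue
        method, path, headers = parsed
        action_uri = (headers.get("SOAPAction") or "").strip().strip('"')
        if method != "POST" or not path.upper().startswith("/HNAP1") or not action_uri:
            continue  # not an HNAP call
        action = action_uri.rstrip("/").rsplit("/", 1)[-1]
        has_creds = bool(headers.get("Authorization"))
        if action.startswith("Set") and not has_creds:
            severity = "high"    # settings change attempted with no credentials
        elif not has_creds:
            severity = "medium"  # unauthenticated call: HNAP is reachable
        else:
            severity = "info"
        findings.append((src, action, has_creds, severity))
    return findings

if __name__ == "__main__":
    print(*hnap_findings(SAMPLE_CAPTURE), sep="\n")
```

Any "high" finding on a router that has not been updated to the fixed firmware is worth following up, since the post's point is that the request needs no login.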
Tuesday, June 29, 2010
Disciples 3 Renaissance Gameplay
It is finally released and available for purchase. Hope they dun screw it up like the HOMM series.
Monday, June 28, 2010
Reverse...
There is a reason why sometimes you need to press the horn (loudly). And this is one of them:
Friday, June 25, 2010
心竅 - Theme song of 《蒲松齡》 ~ 馬浚偉
Theme song of 《蒲松齡》: 心竅 - 馬浚偉
Music: 鄧智偉
Lyrics: 張美賢
Arrangement: Johnny Yim
Producer: 鄧智偉
迷惑太多 能望見太多 明白太少
預計長夜深 終於天曉
暗黑的心 才最叵測 難料
雲象太多 而道理太多 提示太少
直到長夜深 星光普照
聽風的笑 能盡世間 奇妙
如夢初醒 無言才動聽心的呼叫
鏡中緣 霧裡花 在美好 從未需要
如夢不醒 芒然流淚過荒島身照
愛很長 夜再深 還有破曉
迷惑太多 能望見太多 明白太少
預計長夜深 終於天曉
暗黑的心 才最叵測 難料
同伴太多 沿路過太多 留下太少
別算人或妖 鬼影 心竅
有酒今宵 讓最困擾 忘掉
如夢初醒 明明還在笑怎麼哭了
鏡中緣 霧裡花 最假的 才越心跳
如夢不醒 明明流淚了怎麼失笑
怨很長 恨太多 唯愛太少
Thursday, June 24, 2010
Onee and his house
Onee is not much of a home maker and actually makes a mess of it. Well, this one is taken BEFORE he messes it up.
Wednesday, June 16, 2010
Sunday, June 13, 2010
Zebraman 2 - Zebra City's Counter Attack Released in Tokyo
It's been like 6 years since we had Zebraman in 2004. It is a funny comedy directed by Takashi Miike. Here is the trailer if you had missed it:
And now, in 2010, we finally get a sequel. Here is the Zebraman 2 Trailer:
13 Assassins (2010)
This is a remake I will look forward to, especially since it is directed by Takashi Miike.
Copyright © 2008 nemesisv.blogspot.com, All rights reserved.