New version of Building Integration System from Bosch

Bosch Security Systems introduces a number of updates to its Building Integration System (BIS). The new version increases the range of supported devices, making it suitable for even the most complex integration projects.

Multi-biometric technology, dual-finger & face recognition

D-Station’s Multi-Biometric Fusion Technology™ is a perfect blend of fingerprint and face recognition technologies which delivers incredible matching accuracy and speed ...

Where are your vehicles now?

Our state of the art vehicle tracking systems uses GPS technology for locating the vehicle. Vehicle information can be viewed on electronic maps via a simple website on the Internet...

 

D-link routers security flaw grants easy access

imgres-1

D-link popular routers

D-link stated, that they will address their security leak – which enables unauthorized users to reconfigure router settings without the need for username and password – by the end of October. In other terms, the devices came with a security backdoor by factory default, which enables login bypass through it’s web interface.

Craig Heffner, the security expert for Tactical Network Solutions discovered and published this vulnerability. The security bypass is basically very simple: Your browser’s user agent string needs to be reset to “xmlset_roodkcableoj28840ybtide” character series (without quotes) and you already granted access to the router from local network, or – if remote administration is enabled – even from the internet.

The character series spelled backwards is “edit by 04882 joel backdoor”

The security firmware updates which are expected at the end of october will be available at D-Link’s official website for each affected models. “Owners of affected devices can minimize any potential risk by ensuring that their router has the Wi-Fi password enabled and that remote access is disabled,” D-Link said. “If you receive unsolicited emails that relate to security vulnerabilities and prompt you to action, please ignore it,” the company said. “When you click on links in such emails, it could allow unauthorized persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.”. The Company did not clarify which models are effected or why was the backdoor included in the firmware.

According the security expert’s examination, the following models are vulnerable: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240 and possibly DIR-615.

Unconfirmed yet, but model BRL-04UR and BRL-04CW which are manufactured by Planex Communications with the same firmware might also be vulnerable. It is advised to check and later update home and office routers as D-link is considered a reliable and well known brand on the market.

Sources: Pcworld.com, index.hu

Follow us on facebook!