D-Link 因為路由器與網路鏡頭不夠安全,被美國聯邦貿易委員會告

FTC 對於 D-Link 產品的安全性不符合宣稱而告下去了:「FTC sues D-Link over router and camera security flaws」。

D-Link claimed its routers were “EASY TO SECURE” with “ADVANCED NETWORK SECURITY,” but the FTC says the company failed to protect its routers and cameras from widely known and reasonably foreseeable risks.

The complaint also says security gaps could allow hackers to watch and record people on their D-Link cameras without their knowledge, target them for theft, or record private conversations.

D-Link 的 open source package 內包含了拿來簽名用的 Private Key

D-LinkDCS-5020L 的 open source package (因 GPL 要求) 裡放了簽名用的 private key:「D-Link spilled its private key onto the web – letting malware dress up as Windows apps」。

而這把 key 由 Verisign 所簽,因此被 Windows 所信任,所以這把 key 可以用來簽 malware:

而不幸的是,這把 key 已經洩漏出來超過半年了:

The D-Link key was leaked in late February, and expired on September 3, it appears.

又是一連串的 revoke 過程... orz

把家裡的無線網路換成 DD-WRT

看到「WRTnode Opened for $25」這個網站的時候,就想起來家裡還在用中華電信數據及提供的無線網路,訊號有點差... 算了一下 USD$25 就算不算運費也要 NTD$750 左右,還是到 PChome 24h 上找一台可以刷 DD-WRT 的機器來用...

後來是找到「D-Link Wireless N 實用版無線寬頻路由器 DIR-615」這台 NTD$399 的福利品:

會選這台是因為這台出一陣子了,雖然 802.11n 是 draft,但我在家裡用無線網路時不在意... 另外在 DD-WRT 的資料庫內是全部都支援,花白工的機會比較低:

拿到的時候背面可以看到是 E4 的硬體,對應到 DD-WRT 資料庫:

後面就照著官方的 Installation 文件做,把該設定的值設一設就收工了...