UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
December
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#2316 - 11/11/03 09:09 PM Belkin Routers = Flaming pieces of Shit.
Chem Offline
UGN News Staff

Registered: 10/13/02
Posts: 364
Loc: Vagabond (Location Differs)
In a FirmWare Upgrade, Belking has added forced ads into its routers,

Quote:
Clem initially thought that the browser setting on the machine he downloaded the updated software had been changed. But when other machines displayed the same behaviour he realised his router was to blame.

The router would grab a random HTTP connection every eight hours and redirect it to Belkinís (push) advertised web page.
-------------------------------------------

Here's an article done by theregister

Quote:
The marketing geniuses at Belkin, the consumer networking vendor, have dreamed up a new form of spam - ads served to your desktop, by way of its wireless router.

Uh Clem. a former Belkin wireless router user, was perplexed to find machines on his network redirected to an ad for Belkin's new parental control system, following a software update.

Clem initially thought that the browser setting on the machine he downloaded the updated software had been changed. But when other machines displayed the same behaviour he realised his router was to blame.

The router would grab a random HTTP connection every eight hours and redirect it to Belkinís (push) advertised web page.

"It seems the router now supports a parental control and the market droids at Belkin got the bright idea of equipping the router with intrusive nagware," writes Uh Clem. "Of course, I have this strange notion that routers should pass data unmolested by marketeers!"

There is an opt-out link on the advertised page but this failed to appease Clem who, not unreasonably, objects to having to "opt-out from commercials from my router". Because of the ads, he's decided not to buy Belkin products again.

In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software. Belkin's Eric Deming is keen to allay concerns about the technique which have produced sharp criticism of the company on the news.admin.net-abuse.email newsgroup.

"We don't have the ability to spam you at a later time if you select "No Thanks" or turn off the reminder manually," Deming writes. "I know this feature might be misunderstood and might PO some people. I know the manual could do a better job explaining it. These are all things that we at Belkin are working to remedy." ģ
---------------------------------------

But oh wait it gets better, Heres an email sent to Belkin regarding the new feature in its routers:

Quote:
Subject: Belkin "feature" breaks the Web: Class action lawsuit
From: [email protected] (Adam Selene)
Newsgroups: news.admin.net-abuse.email
Date: 7 Nov 2003 18:33:49 -0800

Eric Deming and others, I don't believe you truly appreciate the
scope of this "feature".

The Belkin router grabs a random HTTP request every 8 hours, and
redirects it to your reminder page.

The Belkin router grabs a random HTTP request **DESTINED TO ANOTHER
SITE**, and redirects it to your reminder page.

So, basically you've decided that any random HTTP request is not
important?


Let's look at the ways you are wrong:

A) A potential customer visits my web site, however the request
to a javascript file is redirected to Belkin. My site breaks
terribly. The user has no visual indication of the redirect,
and never visits my site again.

B) My web application makes a request to an XML web service to
pull data in the background. This request gets redirected to
Belkin, and the application sends a fatal error message. The
user telephones the 1-800 customer support desk, and technical
staff spend 20 minutes trying to diagnose the problem.

C) A user clicks on a premium pay-per-click-thru advertising.
The click is registered however the redirect is altered to
Belkin. I have been charged for a click-thru, but the user
never reaches my site.

D) A HTTP monitoring daemon is checking a website every 15
seconds. One such check is redirected to the Belkin website.
The monitoring daemon immediately pages third-party technical
support indicating a possible website intrusion. It is midnight,
and the third-party charges $1000 per incident off-hours.

E) A user is checking their webmail. Upon clicking a message
from their mother, they see instead the Belkin advertisement.
They call customer support and accuse our company of violating
our no-advertisement policy.

F) A delayed feed service pulls data via HTTP every minute.
A feed request is redirect to Belkin. The feed service encounters
this unknown data and terminates, sending out an administrative
alert.

G) The executive board room is remotely viewing the flash
presentation I created demonstrating my contact proposal.
Flash makes a background request for more files, one request
is redirected to Belkin. The presentation breaks and the
impatient board adjourns without viewing the proposal.

H) Pick any other scenario.

Once very eight hours is playing Russian roulette you won't
redirect a critical web request. Once every eight hours over
a population of hundreds of thousands of users is a statistical
*guarantee* that you are causing quantifiable damages to
almost every web publisher on the Internet.

The above scenarios are not hypothetical, they are real
risks you have now exposed me to.

I am now having my technical staff update the support section
of all websites my companies operate, providing notice to
Belkin users that if they see such an advertisement they
should visit their router's configuration page and disable
this "feature". Inevitably only 30% of users will understand
this, 30% of users will call *our* customer support desk, and
the rest will ignore it.

Are *you* going to pay my *costs* incurred from your "feature"?
--------------------------------------

And here's a Belkins reply, afterword, Belkin imidiatly forced Google to remove links and cache's to this email, luckily people had already archived it.

Quote:
From [email protected] Fri Nov 7 20:19:08 2003
From: [email protected] (Eric Deming)
Newsgroups: news.admin.net-abuse.email
Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam!
Date: 5 Nov 2003 15:25:28 -0800
Organization: http://groups.google.com
Lines: 70
Message-ID:
References: <[email protected]> <[email protected]>
NNTP-Posting-Host: 67.98.73.254
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1068074728 22743 127.0.0.1 (5 Nov 2003 23:25:28 GMT)
X-Complaints-To: [email protected]
NNTP-Posting-Date: Wed, 5 Nov 2003 23:25:28 +0000 (UTC)
Xref: intern1.nntp.aus1.giganews.com news.admin.net-abuse.email:1466982

"JerryMouse" wrote in message news:<[email protected]>...
> Mr. Uh Clem wrote:
>
> [...]
>
> What does Belkin say when you complain?
>
> I'd make their life miserable until they removed the offending software from
> my machine.
>
> You did not conset to this aspect of your machine's modification - this is
> nothing less than malicious.
>
> Raise hell.

I was made aware of this posting by an e-mail that was sent to
Belkin's tech support e-mail box. Since I am a product manager for
Belkin's LAN products and was very involved with the development of
the Parental Control feature, I feel that I can shed some light on
this subject. Firstly, without trying to sound too stand-offish, we
are not talking about SPAM here. For me to clarify, an understanding
of the Parental Control service will really be needed.

Since Parental Control is a subscription service, Belkin wanted to
make registering for the service very easy. Since the router actually
will work in tandem with an outside server (Cerberian,
http://www.cerberian.com) registration information needs to be collected and
sent to Belkin and Cerberian to activate an account. Traditional
methods of registration, such as asking the user to go to a website or
navigate to the Router's internal Web page to enter information didn't
meet the ease-of-use goal. We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page. (Again remember, only
one http request every 8 hours). Admittedly, there is no controlling
which computer on the LAN this message will pop up on. If the user
just closes the window without clicking "No Thanks", then the flag is
never set, and the reminders will continue. Now, if you are the type
that doesn't want to click the "No Thanks" button, then no problem.
Navigate to the Router's internal web interface (default IP =
192.168.2.1), click on the Parental Control menu. In the Menu, select
"Don't Remind every 8 hours" (This phrase actually varies a bit, but
you get the idea) then click "Apply Changes". DONE. Nothing to it. By
the way, this procedure might have to be done if your router is behind
a firewall. Reason: filter.belkin.com sends a response to the Router
to set the flag. Firewalls will block the response. This might explain
the problem in a school for instance.

We did this not to be evil, we did this to make sure that any
non-techy person (part of our target audience) would have ample
opportunity to opt in or out of the free 6 month trial of the Parental
Control feature. The Router doesn't collect information on you and
send it to Belkin. We don't have the ability to SPAM you at a later
time if you select "No Thanks" or turn off the Reminder manually. I
know this feature might be misunderstood and might PO some people. I
know the manual could do a better job explaining it. These are all
things that we at Belkin are working to remedy.

Oh, one last bit, when upgrading firmware for the Routers that
originally shipped without the Parental Control feature, the new
firmware has this feature added. This was by popular demand. Our
customer install base began to notice the Parental Control feature on
new models that we are shipping, and wanted a solution for themselves
without having to buy a new product. So, we accommodated them.

I'm happy to answer any questions if you have any. Thanks!
------------------------------
_________________________
C++ Should Have Been Called "D"

Top
Sponsored Links
      
#2317 - 11/11/03 09:12 PM Re: Belkin Routers = Flaming pieces of Shit.
Chem Offline
UGN News Staff

Registered: 10/13/02
Posts: 364
Loc: Vagabond (Location Differs)
This was just posted on elkins site:

Quote:
Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each router's firmware that incorporates Parental Control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.
Im still never going to buy a Belkin product after this,
_________________________
C++ Should Have Been Called "D"

Top

Moderator:  Infinite 
Featured Member
Registered: 03/02/02
Posts: 136
Forum Stats
2152 Members
46 Forums
36281 Topics
71451 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 29442
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
cdefgh368568, HushHush, golqm, Tim050, Gecko666
2151 Registered Users
Who's Online
0 registered (), 331 Guests and 352 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!