Articles
D-Link to padlock router backdoor by Halloween | PC World Business
D-Link plans firmware update to disable backdoor | The Register
From the horse’s mouth
D-Link
Update On Router Security Issue
My Comments
Recently, the computer press was awash with articles pointing to an exploit in some of the popular D-Link routers. Here, this has a computer on the local network pushing through a malformed URL to the router’s Web management page to bypass the login screen for the router’s management dashboard. This is more vulnerable with improperly-setup Wi-Fi network segments hosted by these routers or computers on the local logical network that are loaded with malware that takes advantage of this vulnerability.
Now D-Link are working towards offering revised firmware that fixes the exploit for each of the router models that are affected by this issue and is releasing this on their product support pages.
But of course, it is important to make sure that the wireless network segment that is part of your home or small-business network is secure with WPA2-Personal security and a random passphrase along with an SSID that doesn’t reflect the make or model of the router. Similarly, it is good practice not to enable remote administrative access on these routers and confine administrative tasks to the local network only.
This is in addition to other good computer housekeeping practices like running anti-malware software on your regular computers and being careful what you click on.
For that matter, I would encourage people to keep the firmware on their routers or other network hardware up-to-date in the same way we would keep operating systems and application software up-to-date.
