[64989] in North American Network Operators' Group
Re: Web hijacking by router - a new method of advertisement by Belkin
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sat Nov 8 08:45:18 2003
From: "Steven M. Bellovin" <smb@research.att.com>
To: william@elan.net
Cc: nanog@merit.edu
In-Reply-To: Your message of "Fri, 07 Nov 2003 22:32:25 PST."
<Pine.LNX.4.44.0311072211400.3208-100000@sokol.elan.net>
Date: Sat, 08 Nov 2003 08:44:32 -0500
Errors-To: owner-nanog-outgoing@merit.edu
In message <Pine.LNX.4.44.0311072211400.3208-100000@sokol.elan.net>, william@el
an.net writes:
>
>Would be interesting to see if their current advertisement (every 8 hours)
>page would now be replaced with "We're so sorry that you're seeing this
>page, please make sure to download our latest patch so your router never
>bother you again and would keep us out of legal trouble" message...
The Belkin posting reproduced on Slashdot indicates that when you
unsubscribe via their Web page, it modifies the configuration of your
router. Say, what? There are ways in which an external Web server can
change things on my box? How is that secured? I can think of lots of
bad answers to that question, and not very many good ones.
--Steve Bellovin, http://www.research.att.com/~smb
