I have just read this on The Register and followed it up on Usenet:
http://www.theregister.co.uk/content/69/33858.html
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=BvSqb.24184%24jW5.427571%40twister.tampabay.rr.com&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26group%3Dnews.admin.net-abuse.email
http://groups.google.com/groups?selm=c91e821d.0311051525.70aa9920%40posting.google.com
It seems folks at Belkin followed up on the Verisign concept and implemented
web redirection for marketing purposes (web request hijacking) on the
router itself. There they did not even bother about misspelled domains or
bad requests and just decided that every 8 hours it would be ok to
replace your original web request (from any computer connected through that
router) with one going to their own server advertising their product/service.
How original of them! But for other router manufacturers present on this
list, take notice - DO NOT DO IT IN YOUR OWN PRODUCT EVER. I (and from
newsgroups there appear to be many others with the same opinion about it)
do not want routers modifying my network packets without my knowledge
about it and definitely not for marketing of your own products.
In the meantime, after this post, I'm off to the datacenter room to look for
any Belkin products I can spot, after that a follow-up to Fry's would be
necessary to buy replacements.
William - there may be legal recourse here - What I think Belkin has just
done is provided precedent for anyone trying to beat any Online Case by
their saying "it was the router"... and then the ISP would have to prove
that there was no problem in the routers and that they were not rewriting
the headers of the datagrams or packets under software control, either
intentionally or by some hacker attacking the Router and implementing an IOS
rule or replacement in the IOS OS environment.
Either way this is really bad news for Law Enforcement unless they react
quickly and put legislation in place to prevent anyone from rewriting a
request or misrepresenting the request address translation. In fact this may
already be covered under the Super DMCA laws in a couple of states because
the router or DNS lookup effectively changes the IP addresses from what they
"were intended to be"...
Just an amusing idea.
Todd
"The router would grab a random HTTP connection
every eight hours and redirect it to Belkin's (push)
advertised web page."
"In response to criticism, a Belkin product manager came
forward this week to confirm the behaviour was
designed into the products..."
Do they not realize that this has a strong possibility
of breaking any web application every eight hours?
What happens when a call to a site's javascript file,
stylesheet, internal frame page, or XML data gets
replaced by a Belkin advertisement? The site breaks
and they get a support telephone call.
Major class action lawsuit material, not just by every
Belkin user but by every web publisher on the Internet.
Adam
> bad requests and just decided that every 8 hours it would be ok to
> replace your original web request (from any computer connected through that
> router) with one going to their own server advertising their product/service.
It appears that they've learned their lesson. This is tacked at the bottom of the front page at Belkin.
Imagine that... they listened to the community.
Should they actually follow up on this and remove this abomination from their firmware, I'd suggest they should earn back some respect.
Date: Sat, 08 Nov 2003 00:16:11 -0500
From: Dave Stewart
> Imagine that... they listened to the community.
I hate to imagine a Verisign/Belkin hybrid router. (Would that
mean that a random, HTTP request to valid FQHN would work once
every eight hours? Firmware release only after ICANN threats?)
Eddy
william@elan.net wrote:
> How original of them! But for other router manufacturers present on this
> list, take notice - DO NOT DO IT IN YOUR OWN PRODUCT EVER. I (and from
> newsgroups there appear to be many others with the same opinion about it)
> do not want routers modifying my network packets without my knowledge
> about it and definitely not for marketing of your own products.
Note, I am no legal professional here, but looking forward to others
being stupid; in the UK I am reasonably certain that this breaks a number of
separate laws that no amount of "EULA" type small print can get around. For
those interested, I suggest looking at the protection offered (assuming this
product is sold to consumers in the first instance) the various "Sale of
Goods" acts, UK and EU "unfair terms in [consumer] contracts" ("but the
small print says..."), "computer misuse act" (modification of data without
permission), data protection (leaked URLs) and I am sure many more.
Now if only we had government departments that actually cared and helped
lean on these types of idiot.
I hope that the US - the largest single market for technology products I
assume - has a similar bunch of useful [consumer] law.
Peter
Peter Galbavy wrote:
> I hope that the US - the largest single market for technology products I
> assume - has a similar bunch of useful [consumer] law.
I don't. Who needs a bunch of laws (and accompanying bureaucrats and lawyers) when market pressure dealt with the issue quickly and forcefully.
Bradley
Peter Galbavy wrote:
>> I hope that the US - the largest single market for technology products I
>> assume - has a similar bunch of useful [consumer] law.
> I don't. Who needs a bunch of laws (and accompanying bureaucrats and
> lawyers) when market pressure dealt with the issue quickly and forcefully.
No doubt. But still it should have been clear to them this is not allowed
in the first place... And besides that haven't we just seen how "market
pressure" works in case of Verisign where they were getting millions of
dollars of extra income and did not care what others say!
Btw - here is Belkin's apology posted on usenet:
"From: Eric Deming (ericd@belkin.com)
Dave Stewart wrote:
>It appears that they've learned their lesson. This is tacked at the
>bottom of the front page at Belkin.
>
>>Important message from Belkin:
>>We at Belkin apologize for the recent trouble our customers have
>>experienced with the wireless router/browser redirect issue. We will be
>>offering firmware fixes available for download early next week. We do not
>>have exact details yet but we can tell you now that each router's
>>firmware that incorporates Parental Control as an option will be changed.
>>
>>Please expect more detailed information to follow early next week. Thank
>>you.
Imagine that... they listened to the community.
Should they actually follow up on this and remove this abomination from
their firmware, I'd suggest they should earn back some respect.
I'll look to see if they are making something I'd be willing to buy
(buggy whips, perhaps?) in 200 years.
The time to be cautious about your reputation is before you do
something criminally stupid.