Web hijacking by router - a new method of advertisement by Belkin
I have just read this on the register and followed it up on usenet: http://www.theregister.co.uk/content/69/33858.html http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=BvSqb.24184%24jW5.427571%40twister.tampabay.rr.com&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26group%3Dnews.admin.net-abuse.email http://groups.google.com/groups?selm=c91e821d.0311051525.70aa9920%40posting.... It seems folks at Belkin followed up on verisign concept and implemented web redirection for marketing purposes (web request hijacking) on the router itself. There they did not even bother about mispelled domains or bad requests and just decided that every 8 hours it would be ok to replace your original webrequest (from any computer connected through that router) with one going to their own server advertising their product/service. How original of them! But for other router manufactures present on this list, make notice - DO NOT DO IT IN YOUR OWN PRODUCT EVER. I (and from newsgrousp there are appears to be many others with same opinion about it) do not want routers modifying my network packets without my knowledge about it and definetly not for marketing of your own products. In the mean time after this post, I'm off to datacenter room to look for any belkin products I can spot, after that follow up to Fry's would be necessary to buy replacements. -- William Leibzon Elan Networks william@elan.net
William - there may be legal recourse here - What I think Belkin has just done is provided precedent for anyone trying to beat any Online Case by their saying "it was the router"... and then the ISP would have to prove that there was no problem in the routers and that they were not rewriting the headers of the datagrams or packets under software control, either intentionally or by some hacker attacking the Router and implementing a IOS rule or replacement in the IOS OS environment. Either way this is really bad news for Law Enforcement unless they react quickly and put legislation in place to prevent anyone from rewriting a request or misrepresenting the request address translation. In fact this may already be covered under the Super DCMA laws in a couple of states because the router or DNS lookup effectively changes the IP addresses from what they "were intended to be"... Just an amusing idea. Todd ----- Original Message ----- From: <william@elan.net> To: <nanog@merit.edu> Sent: Friday, November 07, 2003 2:37 PM Subject: Web hijacking by router - a new method of advertisement by Belkin
I have just read this on the register and followed it up on usenet: http://www.theregister.co.uk/content/69/33858.html
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=BvSqb.24184%2 4jW5.427571%40twister.tampabay.rr.com&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3D UTF-8%26group%3Dnews.admin.net-abuse.email
http://groups.google.com/groups?selm=c91e821d.0311051525.70aa9920%40posting. google.com
It seems folks at Belkin followed up on verisign concept and implemented web redirection for marketing purposes (web request hijacking) on the router itself. There they did not even bother about mispelled domains or bad requests and just decided that every 8 hours it would be ok to replace your original webrequest (from any computer connected through that router) with one going to their own server advertising their
product/service.
How original of them! But for other router manufactures present on this list, make notice - DO NOT DO IT IN YOUR OWN PRODUCT EVER. I (and from newsgrousp there are appears to be many others with same opinion about it) do not want routers modifying my network packets without my knowledge about it and definetly not for marketing of your own products.
In the mean time after this post, I'm off to datacenter room to look for any belkin products I can spot, after that follow up to Fry's would be necessary to buy replacements.
-- William Leibzon Elan Networks william@elan.net
"The router would grab a random HTTP connection every eight hours and redirect it to Belkin's (push) advertised web page." "In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products..." Do they not realize that this has a strong possibility of breaking any web application every eight hours? What happens when a call to a site's javascript file, stylesheet, internal frame page, or XML data gets replaced by a Belkin advertisement? The site breaks and they get a support telephone call. Major class action lawsuit material, not just by every Belkin user but by every web publisher on the Internet. Adam
At 2:37 PM -0800 11/7/03, william@elan.net wrote:
bad requests and just decided that every 8 hours it would be ok to replace your original webrequest (from any computer connected through that router) with one going to their own server advertising their product/service.
It appears that they've learned their lesson. This is tacked at the bottom of the front page at Belkin.
Important message from Belkin: We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
-- Kee Hinckley http://www.messagefire.com/ Next Generation Spam Defense http://commons.somewhere.com/buzz/ Writings on Technology and Society I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.
At 11:42 PM 11/7/2003, Kee Hinckley wrote:
It appears that they've learned their lesson. This is tacked at the bottom of the front page at Belkin.
Important message from Belkin: We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Imagine that... they listened to the community. Should they actually follow up on this and remove this abomination from their firmware, I'd suggest they should earn back some respect.
DS> Date: Sat, 08 Nov 2003 00:16:11 -0500 DS> From: Dave Stewart DS> Imagine that... they listened to the community. I hate to imagine a Verisign/Belkin hybrid router. (Would that mean that a random, HTTP request to valid FQHN would work once every eight hours? Firmware release only after ICANN threats?) Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.
Dave Stewart wrote:
At 11:42 PM 11/7/2003, Kee Hinckley wrote:
It appears that they've learned their lesson. This is tacked at the bottom of the front page at Belkin.
Important message from Belkin: We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Imagine that... they listened to the community.
Should they actually follow up on this and remove this abomination from their firmware, I'd suggest they should earn back some respect.
I'll look to see if they are making something I'd be willing to buy (buggy whips, perhaps?) in 200 years. The time to be cautious about your reputation is before you do some- thing criminally stupid.
william@elan.net wrote:
How original of them! But for other router manufactures present on this list, make notice - DO NOT DO IT IN YOUR OWN PRODUCT EVER. I (and from newsgrousp there are appears to be many others with same opinion about it) do not want routers modifying my network packets without my knowledge about it and definetly not for marketing of your own products.
Note, I am no legal professional here, but to looking forward to others being stupid; In the UK I am reasonable certain that this breaks a number of separate laws that no amount of "EULA" type small print can get around. For those interested, I suggest looking at the protection offered (assuming this product is sold to consumers in the first instance) the various "Sale of Goods" acts, UK and EU "unfair terms in [consumer] contracts" ("but the small print says..."), "computer misuse act" (modification of data without permission), data protection (leaked URLs) and I am sure many more. Now if only we had government departments that actually cared and helped lean on these types of idiot. I hope that the US - the largest single market for technology products I assume - has a similar bunch of useful [consumer] law. Peter
Peter Galbavy wrote:
I hope that the US - the largest single market for technology products I assume - has a similar bunch of useful [consumer] law.
I don't. Who needs a bunch of laws (and accompanying bureaucrats and lawyers) when market pressure dealt with the issue quickly and forcefully. Bradley
Peter Galbavy wrote:
I hope that the US - the largest single market for technology products I assume - has a similar bunch of useful [consumer] law.
I don't. Who needs a bunch of laws (and accompanying bureaucrats and lawyers) when market pressure dealt with the issue quickly and forcefully. No doubt. But still it should have been clear to them this is not allowed in the first place... And besides that haven't we just seen how "market
On Fri, 7 Nov 2003, Bradley Dunn wrote: pressure" works in case of Verisign where there were getting millions of dollars of extra income and did not care what others say! Btw - here is Belkin's apology posted on usenet: "From: Eric Deming (ericd@belkin.com) Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam! Newsgroups: news.admin.net-abuse.email Date: 2003-11-07 20:00:08 PST All, We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future. We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed. I'll keep posting as things develop. Stay tuned..." I have to note that first email post by the same person from Belkin has been removed from google (the post where he revealed why the did it in the first place). This was surprising as it would seem belkin did not know usenet is not google-only service so if it appeared at google groups, many many others would have had copy locally at thousands of places. And for those who did not, somebody made sure an extra copy was available on the web at: http://slashdot.org/comments.pl?sid=85076&threshold=1&commentsort=0&tid=153&mode=thread&cid=7419497 I'm not sure if its the hundreds of people saying they will never buy from belkin again or if its the actual legal problems (what they did probably broke laws and if it did not it would make them liable in certain cases of redirection happen at very inconvient moment) that forced belkin to react so quickly, but I'm happy they are doing it and taking responsibilityh and hopefully this will establish good precident in case somebody else was considering something similar (i.e. don't you dare imitate verisign!) Would be interesting to see if their current advertisement (every 8 hours) page would now be replaced with "We're so sorry that you're seeing this page, please make sure to download our latest patch so your router never bother you again and would keep us out of legal trouble" message... -- William Leibzon Elan Networks william@elan.net
In message <Pine.LNX.4.44.0311072211400.3208-100000@sokol.elan.net>, william@el an.net writes:
Would be interesting to see if their current advertisement (every 8 hours) page would now be replaced with "We're so sorry that you're seeing this page, please make sure to download our latest patch so your router never bother you again and would keep us out of legal trouble" message...
The Belkin posting reproduced on Slashdot indicates that when you unsubscribe via their Web page, it modifies the configuration of your router. Say, what? There are ways in which an external Web server can change things on my box? How is that secured? I can think of lots of bad answers to that question, and not very many good ones. --Steve Bellovin, http://www.research.att.com/~smb
May be they simply flag your router to not redirect to any web site, but the router still goes every x hours to their site to verify the current redirect status of your product. This wouldn't require admin privileges on your box to be done... but could make every router with such firmware DoS'able; just blackhole the Belkin site and every such request would need to timeout before the router resumes normal behaviour. Rubens ----- Original Message ----- From: "Steven M. Bellovin" <smb@research.att.com> To: <william@elan.net> Cc: <nanog@merit.edu> Sent: Saturday, November 08, 2003 11:44 AM Subject: Re: Web hijacking by router - a new method of advertisement by Belkin
In message <Pine.LNX.4.44.0311072211400.3208-100000@sokol.elan.net>,
william@el
an.net writes:
Would be interesting to see if their current advertisement (every 8
hours)
page would now be replaced with "We're so sorry that you're seeing this page, please make sure to download our latest patch so your router never bother you again and would keep us out of legal trouble" message...
The Belkin posting reproduced on Slashdot indicates that when you unsubscribe via their Web page, it modifies the configuration of your router. Say, what? There are ways in which an external Web server can change things on my box? How is that secured? I can think of lots of bad answers to that question, and not very many good ones.
--Steve Bellovin, http://www.research.att.com/~smb
participants (11)
-
Adam Selene -
Bradley Dunn -
Dave Stewart -
E.B. Dreger -
Kee Hinckley -
Laurence F. Sheldon, Jr. -
Peter Galbavy -
Rubens Kuhl Jr. -
Steven M. Bellovin -
todd glassey -
william@elan.net