D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week

Submitted ⁨⁨9⁩ ⁨hours⁩ ago⁩ by ⁨Xatolos@reddthat.com⁩ to ⁨technology@lemmy.world⁩

https://www.tomshardware.com/tech-industry/cyber-security/d-link-refuses-to-patch-yet-another-security-flaw-suggests-users-just-buy-new-routers-d-link-told-users-to-replace-nas-last-week

source

Comments

Sort:hotnew top

irotsoma@lemmy.world ⁨1⁩ ⁨hour⁩ ago
I mean this is pretty standard in all industries regardless of whether it’s a software flaw or a physical flaw in any other kind of product. What’s the likelihood of a vacuum manufacturer replacing a part in a 15 year old product that had a 1 year warrantee even if it’s a safety issue?

source
- SplashJackson@lemmy.ca ⁨41⁩ ⁨minutes⁩ ago
  I work for a manufacturer with part catalogues going back to 1921, and while the telegraph codes no longer work, you could absolutely still order up a given part, or request from us the engineering diagram for it to aid in fabricating a replacement. You can also request service manuals, wiring diagrams, etc. Don’t all half-decent manufacturers do this?
  
  source
  - TheGrandNagus@lemmy.world ⁨18⁩ ⁨minutes⁩ ago
    
    Don’t all half-decent manufacturers do this?
    
    No. That is phenomenally uncommon. To the point it’s almost unheard of.
    
    source
tal@lemmy.today ⁨8⁩ ⁨hours⁩ ago
I mean, some of those EOLed nearly a decade ago.

You can argue over what a reasonable EOL is, but all hardware is going to EOL at some point, and at that point, it isn’t going to keep getting updates.

Throw enough money at a vendor, and I’m sure that you can get extended support contracts that will keep it going for however long people are willing to keep chucking money at a vendor – some businesses pay for support on truly ancient hardware – but this is a consumer broadband router. It’s unlikely to make a lot of sense to do so on this – the hardware isn’t worth much, nor is it going to be terribly expensive to replace, and if you’re using the wireless functionality, you probably want newer WiFi standards anyway.

I do think that there’s maybe a good argument that EOLing hardware should be handled in a better way. Like, maybe hardware should ship with an EOL sticker, so that someone can glance at hardware and see if it’s “expired”. Or maybe network hardware should have some sort of way of reporting EOL in response to a network query, so that someone can audit a network for EOLed hardware.

But EOLing hardware is gonna happen.

source
- db2@lemmy.world ⁨8⁩ ⁨hours⁩ ago
  
  all hardware is going to EOL at some point, and at that point, it isn’t going to keep getting updates
  
  EOLing hardware should be handled in a better way
  
  Both of these are solved by one thing: open platforms. If I can flash OpenWRT on to an older router then it becomes useful again.
  
  source
  - Rivalarrival@lemmy.today ⁨7⁩ ⁨hours⁩ ago
    Bingo.
    
    Either support the device until the heat death of the universe, or provide consumers with the access to maintain it themselves.
    
    source
  - thejml@lemm.ee ⁨6⁩ ⁨hours⁩ ago
    Definitely don’t this in the past (Linksys WRT54G!) but let’s be honest, the kind of people running 10yo Dlink routers aren’t going to flash new firmware, let alone OpenWRT or even know to look for it. It would have to come that way from the factory.
    
    source
- YaksDC@sh.itjust.works ⁨8⁩ ⁨hours⁩ ago
  This is the correct reaction to old home equipment.
  
  source
  - BearOfaTime@lemm.ee ⁨8⁩ ⁨hours⁩ ago
    Right?
    
    Something this old is going to be power inefficient compared to newer stuff, and simply not perform as well.
    
    I would know, I just booted up a 10 year old consumer router last night, because the current one died. It’ll be OK for a few days until I can get a replacement. Boy, is this thing slow.
    
    source
    -> View More Comments
- shininghero@pawb.social ⁨5⁩ ⁨hours⁩ ago
  I think there should be a handoff procedure, or whatever you want to call it.
  
  As EOL approaches, work with whatever open router OS maker is available (currently OpenWRT) to make sure it’s supported, and configs migrate over nicely. Then drop one last update, designed to do a full OS replacement.
  
  Boom, handoff complete.
  
  source
  - Brkdncr@lemmy.world ⁨5⁩ ⁨hours⁩ ago
    I’d support a regulation that defines either an expiration date or commitment to open source at the time the hardware is sold.
    
    source
- tabular@lemmy.world ⁨7⁩ ⁨hours⁩ ago
  When the users are in control of the software running on their devices then “EOL” is dependent the user community’s willingness to work on it themselves.
  
  source
Steamymoomilk@sh.itjust.works ⁨3⁩ ⁨hours⁩ ago
There right you and i should just buy a new one

Of a diffrent brand

source
Imgonnatrythis@sh.itjust.works ⁨7⁩ ⁨hours⁩ ago
I agree. Buy a new router that isn’t Dlink.

source
Iheartcheese@lemmy.world ⁨5⁩ ⁨hours⁩ ago

Our shit sucks. Buy more lol

source
psmgx@lemmy.world ⁨7⁩ ⁨hours⁩ ago
Welp never buying anything D-Link ever again

source
- pearsaltchocolatebar@discuss.online ⁨6⁩ ⁨hours⁩ ago
  Because they won’t support routers that were EOL a decade ago?
  
  source
  - SaharaMaleikuhm@feddit.org ⁨1⁩ ⁨hour⁩ ago
    Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.
    
    source
  - Dran_Arcana@lemmy.world ⁨6⁩ ⁨hours⁩ ago
    Because that bug was so egregious, it demonstrates a rare level of incompetence.
    
    source
    -> View More Comments
anon_8675309@lemmy.world ⁨4⁩ ⁨hours⁩ ago
Why do they say they’re prohibited to provide support? That a bad translation?

source
skillissuer@discuss.tchncs.de ⁨8⁩ ⁨hours⁩ ago
but does it run openwrt?

source
sunbeam60@lemmy.one ⁨5⁩ ⁨hours⁩ ago
I moved to an OPNsense router a couple of years ago and I’ve never looked back. Hell is shitty consumer routers.

source
- CarbonatedPastaSauce@lemmy.world ⁨22⁩ ⁨minutes⁩ ago
  This is the way.
  
  source
andyortlieb@lemmy.sdf.org ⁨6⁩ ⁨hours⁩ ago
Commodity hardware & open source software for the win.

When my Western Digital NAS was never going to get critical security patches, I was so freaking glad to find out that they just used software raid… I threw them in a Debian server and never looked back.

It’s certainly nice to have things that are turn-key, but if you can find your way around any OS, just avoid proprietary everything.

source
Hobbes_Dent@lemmy.world ⁨8⁩ ⁨hours⁩ ago
No mercy from Low Level.

youtu.be/-vpGswuYVg8

source
- Deebster@infosec.pub ⁨6⁩ ⁨hours⁩ ago
  I watched and enjoyed that one yesterday, and he’s bang on the money. People here are saying “well it’s EoL” but that means it’s got all the way through development and its full lifetime with such a prominent set of bugs.
  
  I don’t think I’ll be buying D-Link if that’s what supported means.
  
  source
FutileRecipe@lemmy.world ⁨8⁩ ⁨hours⁩ ago
Same website (granted, different author, but), same inflammatory language, same vendor, referencing previous erroneous article…I’m not even gonna read this one. Just going to copy/paste my previous response from the previous post:

At a certain point it’s the consumer’s (and blog writer’s) fault, and that’s after EoL. Not patching a supported one and just getting rid of support, saying buy a newer one? Yeah, that’s bad.

Continuing to not support an EoL model that you already don’t support due to EoL (or even dropping support for an EoL model that no one expected you to support in the first place due to EoL)? Non-issue.

source
ch00f@lemmy.world ⁨6⁩ ⁨hours⁩ ago
Is DDWRT still a thing?

source
- pastermil@sh.itjust.works ⁨4⁩ ⁨hours⁩ ago
  OpenWRT is. Not sure if it’s supported on that hardware tho.
  
  source
Someonelol@lemmy.dbzer0.com ⁨5⁩ ⁨hours⁩ ago
Instead of trusting DLink with an off the shelf NAS, it might be easier to build your own with a Raspberry Pi running openmediavault hooked up to a couple of USB hard drives. It’s worked well for me for over 6 years now with no issue and could cost way less.

source