this post was submitted on 20 Nov 2024
751 points (100.0% liked)

Technology

67987 readers
3222 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
751
D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week (www.tomshardware.com)
submitted 4 months ago by Xatolos@reddthat.com to c/technology@lemmy.world
139 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] pearsaltchocolatebar@discuss.online 18 points 4 months ago (4 children)

Because they won't support routers that were EOL a decade ago?

[–] SaharaMaleikuhm@feddit.org 68 points 4 months ago (1 children)

Companies should be forced to release all source code for products that are "EOL". I will never change my mind on this.

[–] sfxrlz@lemmy.world 14 points 4 months ago (2 children)

Especially for stuff like medical implants

[–] nondescripthandle@lemmy.dbzer0.com 10 points 4 months ago

'Sorry, your eyes are no longer supported'

[–] sugar_in_your_tea@sh.itjust.works 4 points 4 months ago

And anything that touches on security (i.e. connected to the internet), and routers definitely count here.

[–] tiredofsametab@fedia.io 45 points 4 months ago

May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)

[–] Dran_Arcana@lemmy.world 31 points 4 months ago (1 children)

Because that bug was so egregious, it demonstrates a rare level of incompetence.

[–] NaibofTabr@infosec.pub 21 points 4 months ago (2 children)

that bug was so egregious, it demonstrates a rare level of incompetence

I wish so much this was true, but it super isn't. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all... and, well, there was the Crowdstrike thing...

[–] Dran_Arcana@lemmy.world 20 points 4 months ago* (last edited 4 months ago)

Idk, this was kind of a rare combination of "write secure function; proceed to ignore secure function and rawdog strings instead" + "it can be exploited by entering a string with a semicolon". Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends

[–] BigDanishGuy@sh.itjust.works 3 points 4 months ago

Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all

At the super budget prices Cisco charges, do you really expect quality control to be included? You've got to buy a quality control subscription for that. /s

[–] Corr@lemm.ee 7 points 4 months ago (1 children)

Most reached EOL in may of this year.

[–] pearsaltchocolatebar@discuss.online 2 points 4 months ago (1 children)

EOL is still EOL

[–] spankmonkey@lemmy.world 1 points 4 months ago

Then they can open source the code so someone else can fix the issue.