Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with …

A strain of the botnet malware Mirai has emerged focused on a wider set of embedded internet-connected devices. Researchers at Palo Alto Networks' Unit 42 this week stated that a variant of the notorious Internet-of-Things infector is now looking to hijack TVs and projectors designed to display information and adverts, as well …

The Broadband Forum has dropped the first open-source code in an access interoperability project designed to support cloud-based access infrastructure and services. The Open Broadband – Broadband Access Abstraction (OB-BAA) project was announced here and published here. Broadband Forum CEO Robin Mersh said the project helps …

ROUNDUPFireEye has borrowed from the credit card industry to try and detect malicious logins. The company's reasoning is that someone in Sydney at 9AM can't legitimately log into a system from (say) Hong Kong an hour later. So the company's announced GeoLogonalyzer to try to detect malicious logins by their source. A “geo …

If you're using a Netgear router at home, it's time to get patching. The networking hardware maker has just released a tsunami of patches for a couple of dozen models of its kit. The flaws were found by Martin Rakhmanov at infosec shop Trustwave, which has spent over a year hunting down programming gremlins in Netgear's …

NETGEAR has announced it will spin out its “Arlo” security camera range as a new, listed, company of the same name. The company chose its Q4 2017 earnings presentation to reveal the plan, which CEO and chairman Patrick Lo said has become necessary because “both NETGEAR and Arlo have reached the point where they can succeed by …

Wi-Fi router vendors have started issuing patches to defend their products against Google Chromecast devices. TP-Link and Linksys were first out of the blocks with firmware fixes, and TP-Link has posted this explanation of the issue. The bug is not in the routers, but in Google's "Cast" feature, used in Chromecast, Google …

Netgear NightHawk R7000 users who ran last week's firmware upgrade need to check their settings, because the company added a remote data collection feature to the units. A sharp-eyed user posted the T&Cs change to Slashdot. Netgear lumps the slurp as routine diagnostic data. “Such data may include information regarding the …

Netgear has warned customers about the trivial denial-of-service vulnerability discovered in its Intel-powered gigabit cable modems. The networking biz is advising owners of the CM700 gateway to sit tight while it figures out how to patch a weakness that leaves the modem prone to DoS attacks. In other words, there is no …

Neatgear has cocked up its cloud management service, losing data stored locally on ReadyNAS devices' shared folders worldwide – and customers have complained to The Register about only being informed four weeks later. This week, the San Jose-based networking business sent an email to customers, seen by The Register, confirming …

Netgear on Thursday said that four of its product lines may experience "higher-than-normal failure rates" and that it is contacting affected customers to assess whether replacement or repair is appropriate. "While this situation is not an immediate cause for concern about the operation of any of these models, we understand …

Netgear has broken ranks from the consumer router security shame factory to offer a bug bounty sporting extra rewards for chained exploits. Hoping to shake the SOHOpeless tag, the vendor will hand out up to US$15,000 for hackers reporting global remote unauthorised access from the internet to Netgear devices, and unauthorised …

Owners of three models of Netgear routers are being advised to exploit a security hole in their broadband boxes to, er, temporarily close said hole. The alternative is to switch off the boxes until a firmware update lands. Netgear says that the R6400, R7000, and R8000 series routers are all vulnerable to CVE-2016-582384, a …

There are multiple Web interface vulnerabilities in a network video recorder under Netgear's ReadyNAS brand and various devices by video recording company NUUO. The affected NUUO units are NVRmini 2, NVRsolo, and Crystal. The CERT advisory lists six Common Vulnerabilities and Exposures (CVE) notices attacked to the affected …

Yet another vulnerability in a SOHO broadband router that flew under the radar is starting to cause trouble in the wild. The authentication bypass in Netgear's WNR1000v4 device is documented here by Compass Security and in more detail by Shellshock Labs here. The short version, from Compass, is this: “an attacker can access …

FeatureLast week, I looked at two home camera systems: Arlo from Netgear and Welcome from Netatmo. To recap, Arlo is pretty much a straightforward cloud-based CCTV system, offering you cameras with motion sensors and notification, together with an app to view things on your phone. Netatmo's Welcome is a stand-alone camera – again …

Product Round-UpFor a great many people, there is only one place to look when talking about storing data somewhere other than their local storage in their PC, notebook or tablet – and that’s to the cloud. Best of both worlds: a dual-bay NAS can either double up on capacity or be configured to mirror data Yet there remain many others (this …

Sysadmin blogIs consumer networking gear really crap? As technologists, we tend to have a chip on our shoulder about it because it can't do all the things the latest, greatest enterprise stuff can do, but does that really matter? The capabilities of consumer gear have been steadily increasing, and perhaps some of our ire is unwarranted. …