In response to the Linksys advisory:

Sent by: Linksys
To: hypoclear@jungle.net
cc:
Subject: Linksys router security Advisory

It's people like you that are responsible for everything costing so much these days. LinkSys makes a perfectly fine product. But you're so anxious to have some kind of news on your web site so your friends will think you're cool and you found something really big, that you'll go turn a non-issue into a major event, forcing the manufacturer to put unnecessary development into the product, thus increasing the cost of the product.

I have to assume, based on your security advisory, that you either a) do not own a Linksys router, or b) do own one, but are not mentally proficient enough to operate it. The router only allows login to occur on the private network (the four pretty little plugs on the front) and you cannot log into the router via the public network (the little plug in the back that says WAN). And thus, the only place where passwords are "submitted in plaintext" is on your local network when you log in to the router. I suppose if 9-year-old Tommy was running a packet sniffer in his bedroom, it could be considered a security risk, in that little Tommy may gain unauthorized access to the router's setup screens, from which the worst possible thing he could do would be to make a local computer completely visible on the internet.

Furthermore, the HTML source code you referred to, wherein the password(s) are plainly visible, is only accessible to someone who has already entered their password and logged in on the router. In other words, the only person who would ever see those passwords in the HTML source is the person who has already used those passwords to set up the router.

I'm not surprised that LinkSys has not responded to your asinine email attempts. This has to be the most ignorant "threat assessment" that I have ever read.
I laugh at your use of the term "Security Advisory," as I have the feeling you wouldn't know a security risk if it ran through your router, up the ethernet cable, and slapped the minerals out of your mouth.

If you want some material to post on your web site, why don't you start with the default configuration of Internet Explorer, Outlook Express, and Windows NT file system permissions, all of which are set to the most vulnerable levels by default. While you're busy harassing LinkSys about a $90.00 router that doesn't prevent the four people using it from sniffing each other's TCP/IP packets, there are a hundred wanna-be developers writing ActiveX controls in pirated copies of Visual Basic to infect your computer with a virus, delete your files, or install the CodeRed worm on your system.

Well, I hope your friends are impressed, because I sure as hell am not.

-- A. Visitor