
[ale] ASUS RT series routers


I know how DNS works. Call me paranoid, but I said "so far as I
can tell, the link is genuine" because you really cannot know
for certain if a website is what it claims to be unless they
are using signed certificates, and this is the case with ASUS.
I do not trust that a DNS server admin for a particular area
wouldn't redirect asus.com, or any other domain, to a site they
set up to bait victims, and when the web server does not have a
CA-signed certificate it is impossible to know if this is the
case without prior knowledge of the servers. This is why I
recommended that he check the e-mail headers.


Glad you were able to determine that the message you received wasn't a
fake; I would have been a bit skeptical of it, myself. Perhaps you
should see if ASUS would consider using HTTP with TLS - I am a bit
surprised that they aren't already. It seems amateurish and their
customers have no way to verify that they are downloading firmware
updates from a server actually owned by ASUS. Just my two cents.

On Wed, 26 Feb 2014 19:10:11 +0000
"Lightner, Jeff" <JLightner at water.com> wrote:

> The way DNS works ".asus.com" followed by "/" means it is in fact
> going to asus.com (unless someone has been able to do DNS cache
> poisoning on the DNS server you're using). That is to say
> everything above ".asus.com/" and below it would be the sign of a
> delegation from asus.com's DNS servers.
>
> If on the other hand you saw something like "asus.com.etrk.net" or
> "etrkasus.com" then there is no guarantee it goes to asus.com and a
> lot of fake links do that - put a valid domain name in the middle of
> something else to make you think it is the valid domain. In such a
> case the "real" domain you're hitting is etrk.net or etrkasus.com
> rather than asus.com.
>
> What you posted is "valid" for asus.com (again assuming no issues in
> your own DNS lookups or hack AT asus.com). Therefore I'd be inclined
> to trust the link you pasted as having come from Asus.
>
> However, as noted you should probably verify the headers of the FULL
> email to make sure it came from the path you think it did. Often it
> will show something like "alerts at asus.com" as the sender but when you
> look through the full headers you find it came from somewhere like
> john at unrelated_business.com and may even have hopped through other
> email accounts like "why_trust at yahoo.ccom".
>
> One thing I do often see in bogus email is a link that does appear to
> be valid as shown but on being checked is NOT actually the link.
> (That is they mask the real link embedded in the email with a label
> that LOOKs like a link.) Often hovering over the link shown will
> show you what the real link is - if they're the same well and good -
> if they differ then it is almost certainly bogus. If you click on a
> link like the one you sent us and it does a redirect that often
> happens on web servers (legitimately). If however it immediately
> launches another URL without first having gone to the URL (albeit
> briefly) you clicked it is probably a sign that the embedded link
> isn't what it looked like.
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Dustin Strickland
> Sent: Wednesday, February 26, 2014 12:27 PM
> To: ale at ale.org
> Subject: Re: [ale] ASUS RT series routers
>
> Scott, so far as I can tell, the link is genuine, although asus.com
> does not appear to be using HTTPS, so... Perhaps you should look at
> the mail headers to see where it originated from.
> On Wed, 26 Feb 2014 11:15:20 -0500
> Scott Castaline <skotchman at gmail.com> wrote:
> > Anyone with an ASUS RT series router? I have the RT-N66U and
> > received an email today from ASUS_US at edm.asus.com, which I did not
> > recognize as having received any prior emails from that particular
> > address. The edm part concerns me the most. The email claims to be a
> > Customer Care Notice with a link (Click Here button) to download
> > firmware. With all that's been going on I just want to be sure that
> > this is legit as the site I wind up at is somewhat different from
> > what I had been to just after 2/14 for an update back then.
> >
> > http://etrk.asus.com/web_service/P/a.aspx?m=UnitedStates&c=website&e=80&s=19764&md=0&t=A_1
> >
> > The above is the link copied from the email I received. Again just
> > checking, possibly just being overly paranoid, but just not sure.
> > Also I seem to be having problems accessing their site from my old
> > (worked fine last time I downloaded) bookmarks.
> >
> > Scott C.
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
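
The two link checks discussed in this thread (which domain a hostname really belongs to, and whether a link's visible label matches its target), as an added example that is not part of the original messages. The HTML body is constructed for illustration, and `host_in_domain`, `LinkAudit` and `audit` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_in_domain(url, expected):
    """True only if the URL's host is `expected` or a subdomain of it."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    expected = expected.lower()
    # Match on a label boundary so "etrkasus.com" does not pass for "asus.com".
    return host == expected or host.endswith("." + expected)

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html, expected):
    """Return (text, href, reason) for each link that deserves a second look."""
    parser = LinkAudit()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        if not host_in_domain(href, expected):
            flagged.append((text, href, "href host outside " + expected))
        elif text.lower().startswith(("http://", "https://")) and \
                urlsplit(text).hostname != urlsplit(href).hostname:
            flagged.append((text, href, "label shows a different host"))
    return flagged

# Constructed sample body; the first href uses the host and path quoted in
# the thread (query string shortened), the other three are made up.
SAMPLE = """
<a href="http://etrk.asus.com/web_service/P/a.aspx?m=UnitedStates">Click Here</a>
<a href="http://asus.com.etrk.net/fw">http://www.asus.com/support</a>
<a href="http://etrkasus.com/fw">Download firmware</a>
<a href="http://etrk.asus.com/x">http://www.asus.com/support</a>
"""

if __name__ == "__main__":
    for row in audit(SAMPLE, "asus.com"):
        print(row)
```

A link that passes only shows that the name sits under asus.com; over plain HTTP it says nothing about which server actually answers, which is the concern raised in the reply at the top of this message.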