What do you mean censored ?? ( i haven't come across anything censored for me so far :/ )

I thought it was insecure to do online banking if you use any other dns than your own ISPs ?

@moogle

TM applies DNS blackhole-ing on certain political and *ahem* websites on their own DNS servers.. as in the site will resolve to 127.0.0.1 if you use their DNS. I used to use OpenDNS but I switched to Google DNS because its faster (5ms latency > 250ms) and doesn't have those annoying ads when you mistype a URL.

TM's DNS server is also rather unstable at times for some reason..

Ah i see. Well would i be able to safely do my internet banking using google public dns or is that insecure ???

And hm isn't it illegal to black hole other political websites (non-terrorists ones anyway) ??? Oh nevermind, we are in boleh land

This post has been edited by Moogle Stiltzkin: Jun 15 2010, 06:33 PM

----------

Hello kengsim,

Has this issue of yours been resolved? Are you able to log into your DIR-615 router and configure DDNS and port forwarding to allow your IP security cam to be viewed from the outside (and hopefully securely)? Did they give you your unique password for the Admin account or Operator account (if it is good enough)?

Thanks.

UGPM

---

Added on June 15, 2010, 7:08 pmGuys, I accidentally posted some info here that should have been in a PM but I damn blur, clicked on Reply instead. That info is of interest to some ppl here, but I think it's better not to leave it out in the open.

If any of you happened to see that reply (I tried to take it down as quickly as I can), please don't reproduce it. Don't want TM to start messing with their service again.

This post has been edited by kengsim: Jun 15 2010, 07:08 PM

@kengsim

Are we really going back to this security through obscurity stage again? If you don't put it out in the open, TM isn't going to fix it. If they've started 'fixing' their DIR-615's, it's nothing a re-flash can't settle. It's best to have a secure and open system than this whole "I know but I can't tell you" bullshit TM is pushing on us. Might as well lock this thread + delete all the info since after people have benefited from it, they don't want to share their own knowledge with the community.

Don't get me wrong, I'm not trying to hide information from anyone here. It's not like I want TM to deny us their router login password. In fact, I think they're wrong in doing that. But TM, like the rest of our government, doesn't always do what is right and proper. They have an odd (and often idiotic) way of doing things and since when do they care about consumers? We can go against them and make lots of noise about this issue, but will it lessen their resolve to irritate us? I don't think so. In fact, I can even talk to Jeremy Kung, Executive Vice President, Consumer about this issue but it won't change anything. They have decided that users shouldn't be able to log into the DIR-615 router and they'll keep doing whatever it takes to implement that.

It's precisely the fact that they can push a new firmware through to our routers to reset the password again that is making me reluctant to reveal that information. If you want, I can shout it out here. I can also tell TM that their latest effort to block/change the password has been thwarted, so they should start pushing new firmware and login passwords down to our routers asap. Maybe this time, they'll be smart enough to use unique randomized passwords for every single UniFi account. Then I'll be locked out, and everyone else too. And maybe next time, it'll be for good.

Those who asked me, I've answered truthfully. I just don't see the point of posting it everywhere only to alert TM so quickly so that they can change their tactics, again. You're the boss of this thread and I've given you the info. If you insist, go ahead and post it. You don't need my permission.

Google Open DNS redirection a risk for internet banking :/ ??

This post has been edited by Moogle Stiltzkin: Jun 15 2010, 08:11 PM

@kengsim

First of all, I didn't mean to offend you. I'm not the 'boss' of this thread, I'm just here to help as many people as I can.

However, I believe you're wrong to assume that they can simply just push new firmware onto your DIR-615 to lock you out. It's simply not possible if you've secured your DIR-615 properly. The info you sent me is also not standardized. There's a reason I haven't told anyone and it's not because I fear they'll lock us out.. it's because every technician who does the install has his own method of setting up the username/password combination for both those accounts. For some people, they might follow your install method and for others they don't even bother to change it. That's why I recommended that people ask TM about this user/pass combination because it will be written down on the install slip when they're done. It's more of a personal install method based on who your technician is rather than a new method they're trying to lock people out.

You should know that hitting the reset button on the router resets the firmware back to its default password. Nobody can be locked out simply because TM chooses to do so. If that was the case, they would have already changed the password remotely for every user affected by their remote management issue.. which they have not. Even if they hardcode the username/password into a new firmware, its re-flashable to the current 7.05.

Anyway, it's not the lack of information that's pissing me off.. it's the attitude that you cant say something in public because you fear TM will do something about it.

http://forum.lowyat.net/topic/867524

Look at this thread, when I posted the information on the new UTP protocol back in 2008 I got flamed to heck because some people said TM will patch it.. they never did and it works till today. Yet, these people were not afraid to use the information I posted to their own benefit.

Frankly, I'm done with Unifi. There's nothing much for me to do and the only reason I'm here is to help people, mainly new users. If people get new Unifi installs in July+ and TM has upgraded their firmware to 7.06+ or are using a new router, don't expect any knowledgeable person who already has Unifi installed to be able to help them out .. because nobody is willing to share any information in the event that 'TM fixes it'.

To me, they've already won because people are so afraid to be locked out of their own hardware again that the flow of updated information to people who CAN unlock it has been completely stopped. You're forgetting that it was because users shared this information on how to 'unlock' your router in the first place that you are aware of the gaping security holes in your TM DIR-615 and are able to use your own hardware with the service.

@moogle

Nope

This post has been edited by rizvanrp: Jun 15 2010, 08:20 PM

Okay, if you put it that way then I understand fully. Hopefully TM doesn't even bother to monitor forum chatter about their service.

So back to the question of the router password. The technicians who installed my UniFi seemed to have follow a SOP; they were very new at it and didn't know very much about what they were doing. They had a sheet of paper with instructions which they followed, so I assumed at some point in time, the password will be changed to follow that SOP.

I know that we the users, being the resourceful human beings that we are, will more likely find a way to circumvent anything they can throw at us. It's just a hassle. I'd like my current setup to work for as long as possible and I hope that all you guys who are currently locked out of your routers will be able to find a way in. The problem is not everyone is as knowledgeable as you, @rivanrp and most of us can barely configure our own routers.

So anyway, since you have clarified it that way, I'll just say it. The technicians who installed my UniFi weren't exactly trying to hide the router password when they changed it (they were required to). In my case, it's the username spelled backwards. This applies to both the Admin and Operator accounts. Those who've been locked out of your routers, try that out and see if it works.

For the moment, I've done my port forwarding and I can access my IP cam from outside. I've also forwarded the necessary ports for BT as well as Steam.

Cheers!

Thx


@kengsim

I can see where you are coming from. But without sharing tips to circumvent these unfair policies (not to abuse mind), tmnut will be thinking they can walk all over us the consumer just because we don't put up a fight.

Tmnut has been watching this thread and it's a shame they refuse to acknowledge their users would like to use their own router without being forced down our throats to use their crappy router for no other reason except tmnut are bullies

It's just sad such a company who is a cash cow monopoly can't even be a little considerate for such a small thing. Yes the security issue which Riv has explained in depth is worrisome, but that isn't the only issue, as the ability to use our own router is quite a big issue which tmnut is just turning a blind eye and try not to talk about. Kinda like how our politicians don't talk about problems they wish to ignore and hope they blow over (French Submarines and sickeningly high commissions for doing nothing really COUGH COUGH !!!!)

I don't know of any other company that goes out of their way to piss off their customers for no good reason except that they are cocky and they can do it with disregard. That is tmnut for you


Tomorrow i'm getting Unifi, so hopefully i can use Riv's guide to block out any remote tampering so any future policy won't screw me over if they decide to force update firmware remotely I just feel sorry for the other people who will only be able to get Unifi at a much later date.

This post has been edited by Moogle Stiltzkin: Jun 15 2010, 08:51 PM

@kengsim

Thanks for posting that . Here's the deal @ the technical level though, once you've secured your router.. I don't believe there is any secondary application running on the DIR-615 that is able to perform a remote reconfiguration of your router. I have seen their install notes and it doesn't seem to include changing the 'operator' account details, so I'm guessing this is just something they've been told to do by their superiors or other technicians recently (like, after the articles hit the newspapers).

Some use the username backwards, some use 'unifi' spelled backwards.. it's really up to them. Bottom line is as long as it's firmware 7.05, the reset button will reset these to their default values.

They won't be able to change your settings remotely if you've followed the security guide but my main fear is what's going to happen 6-12-24 months down the line. In the event that your DIR-615 fails and you need a replacement, what are you going to do? If you pick up their new hardware and it's fully locked down without any information on the Internet, you're pretty much screwed if you're the average user.

If people are not made aware of what TM is doing, nobody will be able to help each other. In the end, everyone loses and TM wins. If TM wants to take this path.. there's always going to be a new technical challenge and we'll just have to face that. It's really counterproductive to just sit here and hope that TM will not lock down their routers in the future.

Those guru here, correct me if I'm wrong.

The TR-069 protocol allows remote monitoring and remote firmware updating by the ISP. It's originally meant for ensuring the service runs smoothly and that users (even noobs) will be able to get the latest firmware and such. But we know that ISPs like TM will abuse it to snoop on their customers as well as push down firmwares to enforce their stupid policies.

If you log into your router as operator you can turn TR-069 off, but if you do that, God knows what TM will do to you. Maybe they'll interrupt your service and send a technician over to re-enable TR-069.

I don't even have TR-069 running.. using a custom router at the moment. Been this way for over a month now

EDIT: They should just give the whole locking-the-user out thing a bloody rest. Even if people opt to use their own hardware, most of them will use the DIR-615 as a VLAN bridge. TM's happy, dlink's happy, user's happy.

This post has been edited by rizvanrp: Jun 15 2010, 09:02 PM

riv said it already , you dont have to worry much on your part. The router has a non volatile memory area the ROM and NVRAM as well , basically its going to revert back to its factory settings when you do a hard reset. Heck even PDA does this , and a lot of other gadgets. For TM to change things , they would have to program it in a new firmware - I doubt they are going to do this . So basically you're good to go.

Dont worry Moogle , well just like the iDevices , there will be always a loophole. Its just matter of having the right person to discover it and sharing it with the rest of the people.

[quote=prasys,Jun 15 2010, 09:05 PM]riv said it already , you dont have to worry much on your part. The router has a non volatile memory area the ROM and NVRAM as well , basically its going to revert back to its factory settings when you do a hard reset. Heck even PDA does this , and a lot of other gadgets. For TM to change things , they would have to program it in a new firmware - I doubt they are going to do this . So basically you're good to go.

Dont worry Moogle , well just like the iDevices , there will be always a loophole. Its just matter of having the right person to discover it and sharing it with the rest of the people.

[/quote]


I hope so.... i'm just a non technical consumer living off the scraps the senseis riv and others care to share. Without that i would be screwed

My router just shipped too ;_; if the fix doesn't work, that would be one expensive paper weight hehe.


[quote][quote=rizvanrp,Jun 15 2010, 08:59 PM]
I don't even have TR-069 running.. using a custom router at the moment. Been this way for over a month now

EDIT: They should just give the whole locking-the-user out thing a bloody rest. Even if people opt to use their own hardware, most of them will use the DIR-615 as a VLAN bridge. TM's happy, dlink's happy, user's happy.

[/quote]

Don't forget the cronies too Sell dlink dir-615, crony get $$ profit 6 figures commission

This post has been edited by Moogle Stiltzkin: Jun 15 2010, 09:39 PM

I realise that you can always reset the firmware to factory default if TM should mess things up with an forced update. But that's not what I want; it's a hassle and a pain in the butt. I wish TM would see things our way, but being the asses that they are, they won't. Besides, it's not like we consumers have other viable broadband alternatives, thanks to our BN government's preference for monopolistic GLCs. Okay, I won't get into politics.

I'm still using the DIR-615 for the moment; I hate the fact that it doesn't have gigabit Ethernet like my DIR-655 or the WRT-610N (my backup router). Transferring large files to and from my DNS-323 NAS is a real pain. I think when things settle down a bit, I'm gonna configure the DIR-615 as a VLAN passthru and put back my DIR-655.

Hey while we're at this topic, where do I get my Streamyx Zone ID/password? They didn't give it to me. And don't we get an email account? Nobody told me anything either. Stupid TM...

This post has been edited by kengsim: Jun 16 2010, 12:00 PM

HEy guys i wanna ask is Unifi in Klang, Meru already???

nope.. most probably next year

You get a 2GB email account with a different pass than the PPPoE.. then there's the 5 digit 'password' for the VOIP line, might be the voice mailbox or something. Have to call them and ask for it if they didn't give you the install slip