This network device vendor made one terrible blunder

TP-Link Talon AD2700
Networking equipment vendor TP-Link has reportedly “forgotten” to renew two domains that are used to access the administrative panels of its devices. Typically, domain names are easier to remember for customers versus numeric IP addresses — but TP-Link’s mistake shows how they can lead to problems.

Cybermoon CEO Amitay Dan said on Friday that TP-Link lost control of its tplinklogin.net domain because it forgot to renew the address. Rather than forking out money to regain the domain from an external company that happened to scoop up the address, TP-Link instead decided to update its online manuals by removing the domain name references altogether.

“The logic behind using [a] domain in the first place, instead of an IP address, is the main problem here,” Dan said in a blog. “Forgetting to buy the domain is the second mistake. While checking how many users are trying to use it, I’ve realized that’s this is effecting plenty of people. My advice is to block the domain by the ISP.”

Computerworld followed up with a report stating that another TP-Link domain that is typically used with its Wi-Fi extenders, tplinkextender.net, is now owned by an anonymous entity that will gladly sell the address. The owner of the other domain, tplinklogin.net, has a For Sale sign posted as well. Thankfully, both domains reportedly don’t connect to a TP-Link device.

Customers who own a TP-Link router or extender, and enter the provided domain address in their browser, should still pull up the control panel instead of the domain’s sell page. To verify this, Computerworld did a factory reset of TP-Link’s TL-WR841N router, and then entered the tplinklogin.net address into a browser while the router remained offline. This brought up the internal administrative website, which also loaded up when the domain was entered into the browser once the router was physically connected to the Internet.

The big security issue here regarding the two uncontrolled domains is that when TP-Link customers use the tplinklogin.net domain to access TP-Link devices other than routers (like an extender), it will pull up a public Internet web page instead of the internal logon page. Currently, that address leads to a page provided by Sedo’s Domain Parking service, but could play host to a malicious site in the future.

“If cybercriminals get their hands on this router configuration domain, it could become a significant tool for malware distribution using simple instructions, for example, to ‘download new firmware to your router,’” said Lior Kohavi, CTO at CYREN. “There is also the possibility it could be used for phishing. After all, this is a domain that receives a large number of visitors each day, as users are actually instructed to visit the site. It’s this large number of ‘natural’ and trusting visitors that makes this domain so potentially valuable to criminals.”

Ultimately, the ideal setting would be to write down or memorize the actual device IP address. Another option would be to get a router that cannot be configured, such as the OnHub router from Google and similar “closed” devices. These offer nearly no options to adjust, and are accessible through a mobile app.

Smart Home

Best Buy offers a slew of Black Friday deals for smart home, security, and Wi-Fi

Building the excitement for Black Friday, Best Buy released its first round of deals for smart home, security, and Wi-Fi devices from Amazon, Ring, Lenovo, Philips Hue, Arlo, and Netgear. The deals in the first round expire November 11.
Mobile

Keep on clicking with the 10 best browsers for Android

Browsing the web on an Android device should not be a pain. Check out our picks for the best browsers for Android, so you can surf the web with greater ease and access a trove of unique features.
Computing

Hacker infects 100K routers in latest botnet attack aimed at sending email spam

An attacker is trying to infect your router with malware in order to send spam emails. If your router uses a Broadcom UPnP SDK, it could become vulnerable to this attack. So far, 100,000 routers worldwide have been infected.
Gaming

How to keep a PS4 in your pocket with the PlayStation Mobile app

Sony built the PlayStation 4 with smartphone and mobile integration in mind. Take a look at our guide for connecting your smartphone or tablet to a PS4, so you can browse profiles, trophies, and other content directly on your mobile device.
Computing

Cloudflare’s privacy-enhancing 1.1.1.1 DNS service comes to iOS and Android

Cloudflare's 1.1.1.1 DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.
Gaming

The plug-and-play PC Classic joins the retro console bandwagon

Gaming company Unit-e is creating the PC Classic, a plug-and-play retro console that will come bundled with around 30 of the best DOS games. The system will support gamepads and keyboard setups.
Computing

Mozilla’s built-in price-tracking extension makes it easy to shop with Firefox

Mozilla has heard those worries about Black Friday shopping, and is now introducing a new set of experimental extensions which aim to make it easier to find the best deals online.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they've accumulated files and misconfigured settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

Best Buy’s pre-Black Friday deal takes $330 off the 2017 Surface Pro bundle

If you don't need the latest Surface Pro, Best Buy has a heavily discounted rendition of the 2017 model available in its pre-Black Friday sale. For just $1,000, you can get the tablet with a Core i5 CPU.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Computing

Buying a laptop on Black Friday? Don't make one of these rookie mistakes

Shopping for a laptop on Black Friday can win you some excellent deals, but you should also avoid making common mistakes. Check out what to avoid when buying a laptop for Black Friday and what danger signs to be wary of.
Computing

The Mac mini's price jump has crept into iMac territory. How do they compare?

Apple announced a long-awaited update to the Mac mini. Thanks to the updated specs and increase in price, it's begun to creep up to the base model iMac. In this guide, we now put up the specs on the newest refreshed Mac mini against the…
Computing

Our favorite Windows apps will help you get the most out of your new PC

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks.
Computing

Ray tracing not an option until it comes to all graphics cards, says AMD

Although Nvidia already supports the ray tracing feature on its high-end new GeForce Turning series of chips, AMD seemingly hinted it doesn't feel like ray tracing is ready until it comes to all level of graphics cards.