Deprecated FON Boards !

Hello world.

After purchasing a Siemens SE505 router (which are sold for cheap at eBay) I flashed DD-WRT v23 SP2 micro on it and configured my FON hotspot (WRT54GL) as well as my SE505 for WDS.

It works, but as soon as you connect to the SE505 there's no need for authentication! Neither will the FON portal appear - you just get direct internet access.

So, am I mistaking something or is it just another great FON feature?

regards,

Christian

nothing new
this "feature" already has been reported some weeks ago

Since it was me, who reported this bug explicitly on this board, I know that. But I thought only wired computers, that are connected to the WDS slave are affected. Actually also wireless clients on the WDS slave will bypass authentication.
As automatic WDS is still enabled by default (at least on the WRT54GL), FON is absolutely unsafe!

And our friends in Munich keep posting on their blog, that FON has a secure authentication system. (see: "FON.com bietet diese geforderte Schutzmöglichkeit in idealer Weise, da der Zugang zum Internet über den FON:Router nicht ungeschützt, sondern mit Userkennung und Passwort geschützt ist.")

Since they don't take action, it's time to report this to the press and consumer protection. Also T-Mobile - as their competitor - may be interested in admonishing this for "unfair competition".

I guess if it's possible with a WDS router, that it will also be possible without one: Just make you pc 'pretend' to be a WDS router, and surf all Fonspots without authentication?

It's, I did it with my notebook and firmware v. 6.6.0.

A couple of editors have contacted me and are likely to report about this issue after FON hasn't taken action for two months now.
Does anyone know, if la Fonera is of this affected, too?

fonera isn't afflicted, no WDS at all.

Hello, I will have our development team investigate. If you discover a bug in the future please e-mail or PM me and I will get it fixed.

Thank you for your quick reaction, Ross.

It would be great if the development team acutally fixes the problem and doesn't only disable WDS.

Any progress of the bug fixing so far?

This problem has been around for a long time. I found it when I first got my Fon AP, and reported it in May. Your "editor" friends should go ahead with the expose - this is very old news.

Here's the thread:
http://boards.fon.com/viewtopic.php?t=718

@Ross

5 weeks have passed now - will you guys ever fix this or not?

Hi,

@inquisitor : had you sent an email to ross ?

I have the problem to - sent an email to bugs@fon.com.
(according to: http://boards.fon.com/viewtopic.php?t=2006)

Can anyone post a current state ?

Thanks !

Ansas

I think Ross is on vacation right now.

@austinTX

Ross answered my email on the 8th and promised an answer this week.

Also my eMail to bugs@fon.com had been recieved...

Lets see what comes out of it....

Updates:
20070110 Got Ticket NR 070108-000085 - it is in development...
20070112 no further information

The week has passed and we're still waiting for an answer. Exemplary for FON.

Hi inquisitor, hi AustinTX,

as Ross told me in an past talk last summer there will be no further FON developement on the 0.6.6. firmware for the old routers.
I don't know if this statement is still valid for FON but I think thus we can forget about this bugfix.

Regards, Kyros

Hi,

in generally when, where and which Firmware this behavior is fixed is up to FON - because their people/resources/money are working on it.

But to have informations about it as "we are working on it" - or something else would be needed. Current status for me is: FON could not reproduce in the past (which I am am) so I can assist in this matter.

Simply - in a few weeks further - this goes to some IT newstickers - the pressure will come.
(known as Heise DOS.. 8-) )

I am not pushing anyone - and I do not thread FON with this, I simply cannot spread the FON "signal".

See you later in this matter....

Ansas

update 20070115:1502

Ross mailed via PM, he escalated this issue and will update this post with info.

If true, this would be very poor policy, and also another slap in the face of those who still find themselves bound to obligations by a company which does not see fit to uphold those obligations which it suggested it would.

Fon would do well to fully support the Linksys routers at least until the very last Linksys they sold has been on for a full year. It would also be unwise to dump thousands of people then, just because they don't have the proprietary el cheapo router.

Fon needs to move forward as a community which makes shared wifi accessible through whatever equipment that can be made compatible. In order to survive, Fon needs to move forward as a flexible system that shares a common membership base, not as a B-grade competitor that focuses too much on proprietary hardware, locked down systems and one-size-doesn't-fit-all financial terms.

If Fon could only learn to encourage cooperation instead of marching on, seeking ways to seize control.

Ross' answer is overdue more than a week now and the bug is unfixed for 2 months since FON officially took notice of it.

Great job guys!