Page 1 of 2 12 LastLast
Results 1 to 10 of 24

Thread: Home routers under attack - archive

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Home routers under attack - archive

    FYI...

    - http://preview.tinyurl.com/2ubp3y
    February 15, 2007 ~ "If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code... Once the router has been compromised, victims can be redirected to fraudulent Web sites, the researchers say. So instead of downloading legitimate Microsoft software updates, for example, they could be tricked into downloading malware. Instead of online banking, they could be giving up sensitive information to phishers..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    More on this...

    - http://news.com.com/2102-7349_3-6159...=st.util.print
    Feb 16, 2007 ~ "...Router makers already know of the problems with default passwords as well as other security concerns, they said. Linksys, for example, recommends that customers change the default password during the installation procedure, said Karen Sohl, a representative for the company, a division of Cisco Systems. "We are aware of this," she said. On its Web site*, Linksys warns users that miscreants are taking advantage of the default passwords. "Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device's password so it will be hard to guess," the company states. Still, although Linksys' software recommends the password change, consumers can either plug in their router without running the installation disk or bypass the change screen, keeping the defaults. The company offers detailed information on how to change the router password on its Web site. Netgear and D-Link also recommend password changes.

    Linksys:
    * http://preview.tinyurl.com/2awst3

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow

    FYI...

    - http://www.us-cert.gov/current/archi...html#drvbphrmg
    February 16, 2007
    ...The best defense against this type of attack is for home users to change their default password. The following links provide support resources for three of the more common home router vendors:

    * D-Link - http://support.dlink.com/faq/view.asp?prod_id=1997

    * Linksys - http://linksys.custhelp.com/cgi-bin/...p?p_faqid=3976

    * NETGEAR - http://kbserver.netgear.com/kb_web_files/N100651.asp
    ...

    .
    Last edited by AplusWebMaster; 2008-04-17 at 11:17.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    - http://preview.tinyurl.com/2pw3qg
    February 20, 2007 ~ "...The attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers. In an advisory* posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature..."

    * http://www.cisco.com/warp/public/707...215-http.shtml
    Updated: Feb 15, 2007

    > http://preview.tinyurl.com/yshqf

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Top 10 Passwords to Avoid

    FYI...

    - http://www.darkreading.com/document....988&print=true
    FEBRUARY 22, 2007 ~ "...Researchers at the University of Maryland recently completed a study in which four live Linux servers were set out as bait to see how often they would be attacked. The study racked up 269,262 attempts in a 24-day period... During that time, 824 attempts were successful -- the attacker got the server's username and password. On average, that means that each of the servers was "cracked" almost 10 times a day...
    Most commonly-guessed passwords in cyberspace, in order of frequency (to be avoided):
    * 1. (username)
    * 2. (username)123
    * 3. 123456
    * 4. password
    * 5. 1234
    * 6. 12345
    * 7. passwd
    * 8. 123
    * 9. test
    * 10. 1
    ...The username "root" -- which traditionally has given administrators access to multiple systems at the root level -- is by far the most frequently-guessed, with "admin" finishing a distant second..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy

    FYI...

    Default Passwords: A Hacker's Dream
    - http://www.informationweek.com/share...leID=202101781
    Sept. 26, 2007 - "...Moore said what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure. The biggest insecurity? Default passwords. "I'd say 85% of them were misconfigured routers. They had the default passwords on them," said Moore..."


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Drive-by Pharming in the Wild

    FYI...

    Drive-by Pharming in the Wild
    - http://preview.tinyurl.com/yqutaj
    January 22, 2008 (Symantec Security Response Weblog) - "In a previous blog entry* posted almost a year ago, I talked about the concept of a drive-by pharming attack. With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email. The attacker’s malicious code could change the DNS server settings on the victim’s home broadband router (whether or not it’s a wireless router). From then on, all future DNS requests would be resolved by the attacker’s DNS server, which meant that the attacker effectively could control the victim’s Internet connection. At the time we described the attack concept, it was theoretical in the sense that we had not seen an example of it “in the wild.” That’s no longer the case... In one real-life variant that we observed, the attackers embedded the malicious code inside an -email- that claimed it had an e-card waiting for you at the Web site gusanito . com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site. Now, anyone who subsequently tried to go to this particular banking Web site (one of the largest banks in Mexico) using the same computer would be directed to the attacker’s site instead. Anyone who transacted with this rogue site would have their credentials stolen... I would still recommend changing the default router password to something that’s more difficult to guess. For many other router models, doing so will protect you... Also, in general I’d recommend that you reset the router anyway before changing your password. This step ensures that if you have become a victim already, you can start with a clean slate..."
    * http://preview.tinyurl.com/2uqwug

    > http://blog.trendmicro.com/targeted-...ng-via-modems/

    - http://isc.sans.org/diary.html?storyid=3881
    Last Updated: 2008-01-24 02:11:21 UTC

    Last edited by AplusWebMaster; 2008-01-24 at 14:48.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    Defending your router, and your identity, with a password change
    - http://www.cnet.com/8301-13554_1-988....html?tag=more
    March 8, 2008 - "...Every router, wired or wireless, has an internal website used to make configuration changes. Accessing this internal website requires a userid/password, something totally independent of any wireless network passwords... In brief, if your router is using the default password, your computer is vulnerable to an attack where the router is re-configured. Specifically, the dangerous configuration option is the DNS server... Malicious DNS servers can result in your visiting to a website, any website, and ending up at a phony version of the site run by bad guys. If the website is that of a bank or credit card company, and you enter a userid/password, you can kiss your identity, and money, good-bye..."

    - http://www.apwg.org/
    Released: 3 Mar 08 - APWG Releases Dec 2007 Phishing Trends Report
    (From the report - pg. 8, "Phishing-based Trojans – Redirectors")
    "...Along with phishing-based keyloggers we are seeing high increases in traffic redirectors. In particular the highest volume is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server. The fraudulent server replies with “good” answers for most domains, however when they want to direct you to a fraudulent one, they simply modify their name server responses. This is particularly effective because the attackers can redirect any of the users requests at any time and the end-users have very little indication that this is happening as they could be typing in the address on their own..."

    Last edited by AplusWebMaster; 2008-03-10 at 13:51. Reason: Added info from APWG report...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    Example: http://ca.com/us/securityadvisor/pes...x?id=453119651
    Latest DAT Release 03 13 2008 - "This fake codec is actually a hijacker that will change your DNS settings whether you are aquire your IP settings through DHCP or set your IP information manually. This hijacker will attempt to re-route all your DNS queries through 85.255.x.29 or 85.255.x.121 (RBN).... rogue DNS servers..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Linksys WRT54G firmware updates...

    FYI...

    Linksys WRT54G Security Bypass vuln - updates available
    - http://secunia.com/advisories/29344/
    Release Date: 2008-03-21
    Impact: Security Bypass
    Where: From local network
    Solution Status: Vendor Patch
    OS: Linksys WRT54G Wireless-G Broadband Router
    ...The vulnerability is reported in firmware version 1.00.9. Other versions may also be affected.
    Solution: Install updated firmware versions.
    WRT54G v5/v6: Install version 1.02.5.
    WRT54G v8: Install version 8.00.5.
    WRT54G v8.2: Install version 8.2.05 ...
    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1247
    Last revised: 3/11/2008
    CVSS v2 Base score: 10.0 (High)
    "...allows -remote- attackers to perform arbitrary administrative actions.."

    Linksys WRT54G » Downloads
    - http://preview.tinyurl.com/2qykkj
    WRT54G v5/v6: Install version 1.02.5. (3/03/2008)
    WRT54G v8: Install version 8.00.5. (1/18/2008)
    WRT54G v8.2: Install version 8.2.05 (1/18/2008) ...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •