Skip to main content

Elsewhere Online: Default Router Passwords Could Compromise Home Networks

This Slashdot story points up a vulnerability that some people might have left exposed on their home routers from companies like Linksys, D-Link and NetGear.

Whenever I set up a router, I make sure to reset the default password for that router. This is the password that allows you to setup and change settings within the router, not the password you might use to connect to your wireless network. That said, some of you might still be using the default password.

An exploit has been discovered that allows a malicious web page to access your router setup information, if it still uses the default password, and change settings within the router. Not a good thing.

If you are wondering if your router still has its factory default password, drop me an email at techiq@welchwrite.com and I can give you some instructions that will allow you to test for it.

Drive-By Pharming Attack Could Hit Home Networks

Rob wrote in with a link to a CBR Online article discussing drive-by pharming, a new exploitation technique developed by Indiana University and Symantec Corporation. While it's not known if the technique is in use 'in the wild', the exploit could easily co-opt the web-browsing habits of a user that had not properly configured their router. "The attack works because most of the popular home routers ship with default passwords, default internal IP address ranges, and web-based configuration interfaces. The exploit is a single line of JavaScript loaded with a default router IP address, a default password, and an HTTP query designed to reconfigure the router to use the attacker's DNS servers." The article goes on to discuss several related and more advanced techniques related to this one, which security companies will have to keep in mind to guard against future attacks.

(Via Slashdot.)
Technorati Tags: , , , , , , , , , , ,

Comments

Popular posts from this blog

Microsoft release Outlook.com email services to replace Hotmail

Today Microsoft released its new email service Outlook.com to replace its Hotmail brand. This new streamlined Metro interface design looks good and functions well so far. You can use your existing Microsoft account to log in and then choose an email alias (i.e. douglaswelch@outlook.com) for your new email address. Here are several articles that discuss Outlook.com... Goodbye, Hotmail; Hello, Outlook.com [REVIEW]  Outlook Is a Completely New, Feature-Filled Webmail Service from Microsoft Go Get Your @Outlook Email Address Quick Before Someone Else Does I will post links to more articles and reviews as they appear.

Shared calendars are one part of an organized family

by Douglas E. Welch , techiq@welchwrite.com 206-338-5832 Reader/Listener Line As a parent with a school-age child, I often hear other parents bemoaning their disorganized existence. Along with the busy schedules of two working parents you might have art classes, karate classes, Little League, soccer and more. Add in more than one kid and organizing your life can quickly become a nightmare. This is exactly why one of my most important organizing devices is a shared calendar that reflects all the activities and events for everyone in the household...and I do mean everything. If someone -- is required to be somewhere -- at sometime, it goes into the calendar. If we are given a calendar that reflects all the events for a particular activity (say, Little League), all these events immediately go into the calendar, along with notations on whether we are providing the team snack, working in the snack bar, etc. Even events that occur anytime during the day, like family birthdays, and other rem

TechIQ Gift Guide #15: Sams Teach Yourself Wordpress 3 in 10 minutes

#15 Sams Teach Yourself Wordpress 3 in 10 minutes Chuck Tomasi , fellow Friends in Tech member and co-author of Podcasting for Dummies , along with another Friends in Tech member and podcasting partner, Kreg Steppe , have a new book out that would be a great gift for anyone interested in blogging and New Media. Wordpress is my first recommendation when someone wants to get started with blogging, but it can be a little intimidating. It is very powerful and with power comes complexity. That said, this book can help to jumpstart your Wordpress knowledge and help you be productive. There is also a companion podcast to the book, Wordpress in 10, available from the author's web site. From Amazon.com... "Sams Teach Yourself WordPress in 10 Minutes gives you straightforward, practical answers when you need fast results. By working through its 10-minute lessons, you’ll learn everything you need to build great blogs with WordPress and WordPress.org, and reach any audience by web brows