Wednesday, July 21, 2010

Linksys Router Users: Change Your Password


It doesn't require that you panic over anything, but the Linksys exploit below could potentially effect your router if it still has the default password set to admin.

Again, this ONLY effects certain Linksys/Cisco routers with default password. You can disregard this email if you have a 2WIRE/DLink/other router.

Typically, when I set up a router, this is one item I change, but sometimes over the course of the years, it gets reset back to its default settings.

If you have a Linksys router, like the one above (or one of the slimline black units) let's connect up and make sure password has been changed.

You can test this yourself by opening your web browser (Internet Explorer, Safari, Firefox) and performing the following:



1. In the address bar at the top of the screen, where you would normally type something like http://cnn.com,

type 192.168.1.1 (RETURN)  (meaning hit the return or enter key)



2. You should see a box asking you to log in



3. Leave the username field blank and type admin as the password



4. Click Ok



5. If you see the Linksys Setup screen, then your router is still configured with the default password and should be changed



6. If you are refused login, then this means the default password has been changed and you should be OK


Contact your computer support person for assistance in resetting this password, if needed. they should be able to do it remotely, if needed.

Again, no need to panic, but this is a great reminder to check your settings every so often.



Researcher will enable hackers to take over millions of home routers

WRT54G
Cisco and company, you've got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic's Craig Heffner claims he's got a tool that can hack "millions" of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He's already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply -- for the love of Mitnick, change your default password! -- but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.

Researcher will enable hackers to take over millions of home routers originally appeared on Engadget on Wed, 21 Jul 2010 06:33:00 EDT. Please see our terms for use of feeds.
Permalink ForbesArs Technica  |  sourceBlack Hat 2010  | Email this | Comments