?

Log in

No account? Create an account
entries friends calendar profile my webpage Previous Previous Next Next
Why you need to secure your rounter. - Tina Marie's Ramblings
Red hair and black leather, my favorite colour scheme...
skywhisperer
skywhisperer
Why you need to secure your rounter.
Symantec's been talking about this for a year, and now it's happening in the wild: Phishing attacks against your router.

Overview:
http://www.symantec.com/enterprise/security_response/weblog/2008/01/driveby_pharming_in_the_wild.html

More details:

"However, these messages can be set using the Adobe Flash plug-in. What’s worse is that many home routers accept SOAP messages without requiring any type of authentication. When you combine these two observations, it’s possible to create a Web page (containing an appropriate malicious Flash object) that when simply viewed will reconfigure your home router settings. Even if you employ traditional protections such as password protection on the router or employing WPA encryption, you will not be protected against these types of threats."

http://www.symantec.com/enterprise/security_response/weblog/2008/01/flashing_home_routers.html
4 comments or Leave a comment
Comments
scarybaldguy From: scarybaldguy Date: January 23rd, 2008 03:16 am (UTC) (Link)
I secured both my wired and wireless routers within 1 minute of setting them up. Failure to do so is as stupid as failing to install antivirus and firewall software.
skywhisperer From: skywhisperer Date: January 23rd, 2008 03:27 am (UTC) (Link)
Mine is secure, too, but there are a lot out there that aren't. Heck, there are a lot of people who do good to get a password on the wireless, let alone change their admin password (although one router I had required you to change it as part of the setup process - you couldn't skip it), let alone understand what SOAP or UPnP is.
alioth1 From: alioth1 Date: January 31st, 2008 11:07 pm (UTC) (Link)
I don't have AV or firewall software.

But I don't run Windows :-)
alioth1 From: alioth1 Date: January 31st, 2008 11:09 pm (UTC) (Link)
I keep banging on about this, but who's silly idea was uPnP? That's just a security hole waiting for a botnet. The first things I do to any wireless router:

1. Change the admin password (and user, if possible).
2. Enable some form of WPA.
3. Turn off uPnP.

4 comments or Leave a comment