
SoylentNews is people

posted by Dopefish on Monday February 24 2014, @03:00AM
from the flash-alternate-router-firmware-for-protection dept.

janrinok writes "A recent survey carried out by Tripwire, reported by the BBC, claims that "80% of the 25 best-selling routers available on Amazon are vulnerable to compromise". Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.

In a separate report, the Internet Storm Center (ISC) warned about a continuing attempt to exploit a vulnerability in 23 separate models of Linksys routers. A worm called 'The Moon' is compromising Linksys routers and then scanning for other potentially vulnerable systems. So far, wrote ISC researcher Johannes Ullrich in his blog post, it is not clear why the routers are being compromised and what might be done with them. There are hints in the exploit code that the routers will at some point be gathered together into a network of compromised machines. Currently, he added, all the worm was doing was spreading to other Linksys routers.

The reason for the current European concern is a recent large-scale attack on home routers in order to gather usernames and passwords for online bank accounts, reported by the Polish Computer Emergency Response Team (CERT) and elsewhere."

 
  • (Score: 4, Interesting) by captain normal on Monday February 24 2014, @03:36AM

    by captain normal (2205) on Monday February 24 2014, @03:36AM (#5494)

    There is a possibility that this and many other attacks are from NSA or some other government's spy agency. Just a possibility of course. The other thing is that virtually no one password-protects their router. Most people will set a password for access, but leave control of their router's settings and permissions to someone called "admin" or "administration". That probably accounts for the 80% right there.

    --
    "Everyone is entitled to his own opinion, but not to his own facts" --Daniel Patrick Moynihan--
  • (Score: 5, Funny) by nsa on Monday February 24 2014, @03:42AM

    by nsa (206) on Monday February 24 2014, @03:42AM (#5499)

    There is a possibility that this and many other attacks are from NSA or some other government's spy agency. Just a possibility of course.

    No, it's not us. Trust me.

    • (Score: 1) by aristarchus on Monday February 24 2014, @04:49AM

      by aristarchus (2645) on Monday February 24 2014, @04:49AM (#5544) Journal

      What? The NSA is a user on Soylent News? But wait, they said "trust us". Carry on.

  • (Score: 0) by Anonymous Coward on Monday February 24 2014, @04:39AM

    by Anonymous Coward on Monday February 24 2014, @04:39AM (#5539)

    No 3-letter agency paranoia required here.
    People don't know / don't care. If it looks "fancy" it's good!
    They just want to get their pr0n, facebook and youtube anyways.
    You know the ..uhm... 20 room villa with olympic sized swimming pool and tennis court built on a toxic landfill syndrome : )))

  • (Score: 1) by ls671 on Monday February 24 2014, @06:31AM

    by ls671 (891) Subscriber Badge on Monday February 24 2014, @06:31AM (#5607) Homepage

    I monitor attacks on several servers and most of them are from organized crime or script kiddies. I never could find one special enough for me to think it is coming from who you think it is.

    Then again if who you say was going to get in, maybe I wouldn't even see it coming. Maybe they are already in! I am pretty good at monitoring but I would never ever think that I am impenetrable. Nevertheless, I would say chances are they aren't in ;-)

    I believe the idea is to work at a higher network level and not take control of private LANs unless there are sufficient reasons to try to do so.

    --
    Everything I write is lies, including this sentence.
  • (Score: 2) by janrinok on Monday February 24 2014, @02:56PM

    by janrinok (52) Subscriber Badge on Monday February 24 2014, @02:56PM (#5834) Journal

    It's true that many do not protect their routers even by simply changing the default passwords. At least here (France) each router provided by an ISP has a password that is based upon the router's serial number. If you have the device in your hand it is possible to work out (eventually) what the default password will be, although it is not a straightforward read across. There is not a standard userid/password combination that works on all routers of that type.

    I suspect that another reason, hinted at in my first paragraph, is that ISPs (e.g. Orange.fr) provide the router and they can access it at any time to update the firmware inside it. No matter how careful they may be, the password for that attack vector could eventually become known, even if only to a few individuals, leaving the device vulnerable. Fitting your own privately purchased router causes problems, as the ISP will simply ignore your router if it does not return the correct firmware password (I have tried, and even got a phone call from Orange asking if I was experiencing difficulties). Of course, it is easy to change the admin/user names and passwords, but I have not found a way to identify the ISP's password for my router. I suppose I could put another computer between the telephone cable and the router and sniff it out that way. But, to be fair, I have not seen reports of Orange's routers being vulnerable to any specific attacks.

    Alternatively, perhaps someone will read this and point me in the right direction...?