[funsec] Don't click that link - it may re-program your router?

David Lodge dave at cirt.net
Sun Feb 25 04:24:08 CST 2007


On Tue, 20 Feb 2007 15:09:45 -0000, Michal Zalewski <lcamtuf at dione.ids.pl>  
wrote:
> On Tue, 20 Feb 2007 Blanchard_Michael at emc.com wrote:
>> to me the whole deal is simply a reminder to change passwords from
>> default if they're not already.
> And hope you don't have hidden "service" accounts that are not visible
> through GUI, of course. Like Siemens DSL modems and their "userNotUsed" /
> "userNotU"...

*Every* home grade router I've used has had a default option to block the  
administration console from the external network. This is basically:
1) Change default passwords
2) Get the vendors to set up secure

As far as I'm concerned, this is a vendor issue; a home router should  
never leave the factory without it being configured to auto-change the  
default password and to block the administration screen from outside.

Though most vendors seem to be terrible on security and follow the concept  
of "we tell you it's secure so it is".

dave

