[funsec] Don't click that link - it may re-program your router?
David Lodge
dave at cirt.net
Sun Feb 25 04:24:08 CST 2007
On Tue, 20 Feb 2007 15:09:45 -0000, Michal Zalewski <lcamtuf at dione.ids.pl> wrote:

> On Tue, 20 Feb 2007 Blanchard_Michael at emc.com wrote:
>> to me the whole deal is simply a reminder to change passwords from
>> default if they're not already.
>
> And hope you don't have hidden "service" accounts that are not visible
> through GUI, of course. Like Siemens DSL modems and their "userNotUsed" /
> "userNotU"...

*Every* home grade router I've used has had a default option to block the
administration console from the external network. This is basically:

1) Change default passwords
2) Get the vendors to set up secure

As far as I'm concerned, this is a vendor issue, a home router should
never leave the factory without it being configured to auto change the
default password and to block the administration screen from outside.

Though most vendors seem to be terrible on security and follow the concept
of "we tell you it's secure so it is".

dave