If you own a wireless router....
Feb. 24th, 2007 01:19 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewaynePLEASE CHANGE THE DEFAULT ADMINISTRATOR PASSWORD if you haven't already. There's a new attack going around where, if you go to a corrupt page, it launches a malicious script on your PC that tries to identify your wireless router and change the administrator password. If it succeeds, it then becomes a base layer for phishing attacks by redirecting your attempts to access financial accounts to servers under the attacker's control. In such cases, if the cloned sites are done well (and with the amount of work that this attack requires, they'll probably be done well), you may not know that you're not on your bank's web site.
There are two obvious solutions. First, make sure that your administrator password isn't the default factory setting. Second, don't go to such web sites that these attacks are launched from. Unfortunately it's not easy knowing where such sites might be lurking. I think that part of the reason that I've been virus-free for so long is that I don't go where angels fear to tread and I'm not constantly downloading programs and toolbars. But maybe I'm just lucky.
OK, I mis-read the article. This is a proof-of-concept, i.e., someone created this attack and proved it viable. This does not mean that it exists in the wild. Still, you should change the default password on your wireless router.
There are two obvious solutions. First, make sure that your administrator password isn't the default factory setting. Second, don't go to such web sites that these attacks are launched from. Unfortunately it's not easy knowing where such sites might be lurking. I think that part of the reason that I've been virus-free for so long is that I don't go where angels fear to tread and I'm not constantly downloading programs and toolbars. But maybe I'm just lucky.
OK, I mis-read the article. This is a proof-of-concept, i.e., someone created this attack and proved it viable. This does not mean that it exists in the wild. Still, you should change the default password on your wireless router.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-02-24 08:51 am (UTC)I once worked with a Motorola DSL gateway/wireless router. On initial power-up, it required you to enter what would become the admin password, thus, the unit DID NOT have a default password. I rather liked that.
Cisco routers, the business-kind, also don't have default passwords because they don't have any initial configuration! But we're talking a whole different kind of beast there.
no subject
Date: 2007-02-24 08:53 am (UTC)no subject
Date: 2007-02-24 08:57 am (UTC)I was in Phoenix last weekend, and my nieces came over for the night. They had a nice shiny new Dell laptop that their dad gave them. I called my sister and asked if I could configure it to give them internet access at my dad's, she said fine, dad didn't care, so I did it. I don't think they can get the WPA password out of the config, but really it's no biggie if they can. And if they ever come up here.... ;-)
no subject
Date: 2007-02-24 08:59 am (UTC)I leave my network open, but I also live in the middle of amish land and old people land, though my biggest reason for this was because my mom is so clueless about everything I wasn't going to try to explain passwords and such to her. I'm lucky she can re-boot things if I'm not home....and she has a hard enough time understnding why her computer keeps telling her she's connected to "green gables"
no subject
Date: 2007-02-24 09:02 am (UTC)But that'll wait until I'm a little more flush. I don't mind providing some free bandwidth, but not at the cost of jeopardizing my personal equipment.
no subject
Date: 2007-02-24 09:05 am (UTC)And it's helpful for when my friends visit with their laptops.
plus, i've had to hard reset the router way to many times. I'm lucky i change the admin password and SSID.