dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2009-03-24 13:20:06: A new bit of nasty code named "psyb0t," is getting a lot of attention today for being the first botnet malware designed for Linux-embedded broadband equipment and routers. ..

prev · 1 · 2 · 3 · 4 · next

DJMASACRE
join:2008-05-27
Nepean, ON

DJMASACRE to aefstoggaflm

Member

to aefstoggaflm

Re: Nothing is sacred...

said by aefstoggaflm:

said by dcurrey:

I am in range of 3 wireless networks. 2 of them are close enough to connect to. Even logged into routers. Guess I should change the default password for them at least.
I would not do that, if I were you.

Because connecting to another network that you do not own is illegal.
where do you people get this shit

its not illegal, you are not breaking in .
DJMASACRE

DJMASACRE to ztmike

Member

to ztmike

Re: default

said by ztmike:

Okay..yes this a is a n00b question..but how do you change the default password on a wrt54g? I been meaning to do it but haven't bothered to look up how..
Heres a thought . READ THE MANUAL !
DJMASACRE

DJMASACRE to DarkLogix

Member

to DarkLogix

Re: Targeting Dumb People?

said by DarkLogix:

Ya (have you ever checked to see how smart someone with an average IQ of 100 really is)
(based on just IQ 92% of people are below George Bush in IQ lol)

And to the open door thing someone mentioned

entering a locked house without permission is breaking amd entering but entering an unlocked house while not nice is not illegal in many places

just like hoping on an open wifi is legal but breaking into a secure wifi is illigal
that sounds right .

People think Paris Hilton New BFF is a good TV show hahahahahha
DJMASACRE

DJMASACRE to fifty nine

Member

to fifty nine

Re: Dumb people?

said by fifty nine:

said by Dave547457 :

I don't think people who don't change the defaults are necessarily dumb.
They're not dumb. They're either lazy, impatient or simply don't know any better.
not knowing any better means you are dumb. If you knew better you wouldnt be so dumb.
DJMASACRE

DJMASACRE to TheRul

Member

to TheRul

Re: simply amazing

said by TheRul:

It is simply amazing the aragance of this. How many of you do you own auto work? How many of you want to be able to have your car just start in the morning?

Most of these "dumb people" have not been educated in the world of security.

A lot of the elderly who have bought these "magic" boxes that allow them to sit in their chairs and email the grandkids. What do they know of security? What should you know about otheoperosis? Or how to skin a deer? or how your refridgerator actually works. Or god forbid, first aid!

So before berating people for not understanding what they should know, think about what you do not, before you call them names. One of them may someday have their hands in your guts, and you should prey they know the simple things that you do not.
end of rant
thats no excuse . sit on your hands and knees and wait for people to educate you ?

and if you dont know about computers you shouldnt have one unless your willing to get trained and learn how to use it .

period.

TomClancy
Freedom Isn't Free
join:2003-04-23
...

TomClancy to Noah Vail

Member

to Noah Vail

Re: Nothing is scared...

DD-WRT makes you change your password and your username before you can change any settings in the router.
TomClancy

TomClancy to SSX4life

Member

to SSX4life

Re: Nothing is sacred...

I don't, I guess as long your password is not hard to guess and you limit the number of wrong passwords entered you'll be fine.
TomClancy

TomClancy to SSX4life

Member

to SSX4life

Re: default

SSH is disabled by default, and you should leave Telnet enable for future failures in your router, and besides Telnet can only be used locally.
TomClancy

TomClancy to djrobx

Member

to djrobx

Re: niche market?

I have seen DSL Modem/Router Combo with Telnet enabled i.e. a Alcatel/Thomson Speedtouch modem. Can't be found in GUI, but if you know how to connect to telnet you can find it.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by TomClancy:

I have seen DSL Modem/Router Combo with Telnet enabled i.e. a Alcatel/Thomson Speedtouch modem. Can't be found in GUI, but if you know how to connect to telnet you can find it.
good to know. i figured that there were a few, but they weren't "mainstream" networking devices. i was aware that most third-party firmwares would include it, but my lack of familiarity with soho networking equipment (which includes pfsense/m0n0wall/various iptables based firewalls) prevented me from making an educated statement regarding the market penetration rate of such devices (my home network and my product knowledge is very cisco-centric).

q.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to Noah Vail

Premium Member

to Noah Vail

Re: Nothing is scared...

I think his point was the owners never bothered to change the defaults. We all know SSID hiding and MAC filtering are useless.

Airwolf7
Premium Member
join:2004-12-12
Franklin, KY

Airwolf7 to DJMASACRE

Premium Member

to DJMASACRE

Re: Dumb people?

said by DJMASACRE:
said by fifty nine:
said by Dave547457 :

I don't think people who don't change the defaults are necessarily dumb.
They're not dumb. They're either lazy, impatient or simply don't know any better.
Not knowing any better means you are dumb. If you knew better you wouldn't be so dumb.
That's incorrect! Are you dumb or ignorant? One can be corrected and the other one can not.

Not knowing any better because you lack the intelligence to know any better means you are dumb.

Not knowing any better because you lack knowledge on the subject means you are ignorant. This is the one that can be corrected.

»www.merriam-webster.com/ ··· ary/dumb

Dumb = lacking intelligence : stupid

»www.merriam-webster.com/ ··· ignorant

Ignorant = lacking knowledge or comprehension of the thing specified

ICE1
@sbcglobal.net

ICE1

Anon

Tomato GUI

Open Source or not, when it comes down to it
there needs to be a easy to use GUI for users
such as I. I use Tomato and it's getting exciting lately
if you never heard of Tomato you won't be disappointed
The nice people from the Tomato project provided a
neat site that allow you to look around before upgrading

»lampiweb.com/tomato/stat ··· ndex.htm

If you got any question check out

»Linksys
or
»www.linksysinfo.org/foru ··· hp?f=160

danclan
join:2005-11-01
Midlothian, VA

danclan to DJMASACRE

Member

to DJMASACRE

Re: simply amazing

quote:
thats no excuse . sit on your hands and knees and wait for people to educate you ?

and if you dont know about computers you shouldnt have one unless your willing to get trained and learn how to use it .
period.

and how thick are your rose colored glasses? You do realize that computers and routers and just about every piece of hardware sold to the public is done so in the light of "even a cave man can do it".

Your claim that no one should use it unless trained is so ridiculous and far fetched that its beyond comprehension.

Do you know VB+ do you know the os under which router works? Do you know all the settings and what they do? Can you describe how SSL works, AP Isolation,DTIM Interval, the difference between port forwarding vs port triggering? Do you know what ALL the services do on your pc and their dependencies and what libraries they may call? How bout the hive structure do you understand what it does and why it does it? Do you understand the implications of loopback addressing and why its needed? If not according to you FAIL.

A bit harsh dont you think?

Do I need go on? People make mistakes every day with technology. This "hole" really isnt a big concern for 99% of the public. Those that choose third party firmware will likely not be worried either.

Lets put this "hole" in perspective shall we...

fifty nine
join:2002-09-25
Sussex, NJ

1 edit

fifty nine to Noah Vail

Member

to Noah Vail

Re: Nothing is scared...

said by Noah Vail:

There is no evidence that an available SSID causes any significant security risk, in and of itself. It's weak or non-existent encryption; weak or non-existent passwords that make or break a routers security.
That is quite true. However, I believe his point was that one of the default SSIDs is usually a tip off that the router was never configured away from its default and is most likely still wide open.

Most non-savvy users will just buy a wireless router in a store, plug it in and once it works they're happy.

TheRul
Why Not You?
Premium Member
join:2007-09-18
Monterey, CA

TheRul to danclan

Premium Member

to danclan

Re: simply amazing

I am going to go back to an old joke of the VCR flashing 12:00.
How long was it until someone just started programming them to get the time from cable? Or when it starts up it asks for the date/time when it does not have it.
You are right, DJ, most of the old people do know how to use a computer.
We made it easy, so anyone can use it. The interface is simple now. But how about back when all that someone had when they turned on their computers was a black screen with a c:>
The routers, though they are everywhere are NOT user friendly, and in some cases I do not think they should be, and I am not really sure how to make them so.

Look at the number of people who are getting high speed connections in their house, how many of them do you think have a decent education, now how many do you think have had a decent education in IT?

Just because we take something for granted as gospel, does not mean that the rest of humanity does.

When you talk to someone who is not in IT about security, you end up talking about locking doors and big dogs.

What I was saying is that when you get older, you stop learning or trying to learn. Fortunatly it appears to happen later and later for each generation.
Also that not everyone knows what we know, and therfore, would not take the "simple" protections we would, but that does not make them dumb.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to PapaMidnight

Premium Member

to PapaMidnight

Re: Not Always The End Users Fault

Only those with some seriously old hardware (or a nintendo DS) would run into that, though. Consoles (I forget, does the Wii support WPA?) and portables aside the lowest common denominator these days is WPA/TKIP, which was the best my old G3 ibook supported.

Windows XP with SP3 supports WPA2/AES, and older Windows don't give a rat's ass and just let the third-party software handle it. (Thus my Win 2k picturebook's ability to do WPA2 as well )

A wireless set up wizard could be as simple as "Do you have a Nintendo DS and want it to be able to surf?" which would set WEP or WPA based on the answer. The next question would be an unskippable demand for a password, though for WEP the password would be used to generate a hex string to use for the key.
kpatz
MY HEAD A SPLODE
Premium Member
join:2003-06-13
Manchester, NH

kpatz to Noah Vail

Premium Member

to Noah Vail

Re: Nothing is scared...

said by Noah Vail:

The interesting thing will be how we deal with it. With a PC virus, we update our virus defs and maybe scan the system. Then we forget about it.

With this, we'd have to update the firmware, to either treat or prevent infection. That will mean having to enter our settings from scratch. That's a pain.
From what I've read, at present this malware doesn't touch the firmware, instead it loads into (volatile) RAM and runs from there; thus, it's gone as soon as you powercycle the router.

So, if something gets infected, just disconnect it from the WAN, powercycle it, then change the password to something stronger and/or disable telnet/ssh, plug it back in, and you're set.

aefstoggaflm
Open Source Fan
Premium Member
join:2002-03-04
Bethlehem, PA
Linksys E4200
ARRIS SB6141

aefstoggaflm to PapaMidnight

Premium Member

to PapaMidnight

Re: Nothing is sacred...

said by PapaMidnight:
said by aefstoggaflm:
said by dcurrey:

I am in range of 3 wireless networks. 2 of them are close enough to connect to. Even logged into routers. Guess I should change the default password for them at least.
I would not do that, if I were you.

Because connecting to another network that you do not own is illegal.
That's not entirely accurate.

First of all, there's no federal law as of yet of such and such cases are being handled on either a state by state or municipality by municipality case basis.

Secondly, connecting to another network you do not known is not illegal. "Maliciously" connecting to another network you do not own is illegal.

Additionally, Simply the wording alone of what you stated is too broad and makes the entire premise of the internet illegal, after all, aren't you merely "connecting to another network that you do not own"?
Ok, I will correct my self...

Because connecting to another network that you do not own and you do not have permission to connect to, is illegal.

^^

Does that make you happy?
aefstoggaflm

aefstoggaflm to TomClancy

Premium Member

to TomClancy

Re: Nothing is scared...

said by TomClancy:

DD-WRT makes you change your password and your username before you can change any settings in the router.
That is half correct / half wrong.

In the newer ones it does. In the older ones, well you get the point...

DJMASACRE
join:2008-05-27
Nepean, ON

DJMASACRE to danclan

Member

to danclan

Re: simply amazing

said by danclan:

quote:
thats no excuse . sit on your hands and knees and wait for people to educate you ?

and if you dont know about computers you shouldnt have one unless your willing to get trained and learn how to use it .
period.

and how thick are your rose colored glasses? You do realize that computers and routers and just about every piece of hardware sold to the public is done so in the light of "even a cave man can do it".

Your claim that no one should use it unless trained is so ridiculous and far fetched that its beyond comprehension.

Do you know VB+ do you know the os under which router works? Do you know all the settings and what they do? Can you describe how SSL works, AP Isolation,DTIM Interval, the difference between port forwarding vs port triggering? Do you know what ALL the services do on your pc and their dependencies and what libraries they may call? How bout the hive structure do you understand what it does and why it does it? Do you understand the implications of loopback addressing and why its needed? If not according to you FAIL.

A bit harsh dont you think?

Do I need go on? People make mistakes every day with technology. This "hole" really isnt a big concern for 99% of the public. Those that choose third party firmware will likely not be worried either.

Lets put this "hole" in perspective shall we...
Yes ... i can explain those things.

but i am talking about the basic things like chaning the default password which is clearly stated in the manual you should be reading =)
k1ll3rdr4g0n
join:2005-03-19
Homer Glen, IL

1 edit

k1ll3rdr4g0n to damonlab

Member

to damonlab

Re: Nothing is sacred...

said by damonlab:

said by k1ll3rdr4g0n:

If you leave the door open to your house, does that give the right to walk in and out as I please?
said by k1ll3rdr4g0n:

Is it legal for me to walk in your house and turn on your faucet to fill my glass with water that you pay for?
The discussion is about computers and wireless networks. Discussion of houses, doors, faucets, and glasses of water is an entirely different topic that is not applicable to computers and wireless networks.
Isn't that a Red Herring? This is the one place that is very easy to point out fallacies in people's "arguments". It's so much fun .

Not to lead this down a off topic thread. But for the kids following at home what I was used was called an anology, a defense lawyer (or an argument that a District attorney) can use in the court room that is filled with the accused peers.

TheRul
Why Not You?
Premium Member
join:2007-09-18
Monterey, CA

TheRul to DJMASACRE

Premium Member

to DJMASACRE

Re: simply amazing

said by DJMASACRE:

but i am talking about the basic things like chaning the default password which is clearly stated in the manual you should be reading =)
I agree, should be reading, but here comes the FIOS guy and installs everything for you. Puts in the router, makes sure it works, now you have the boxes for everything that he just installed, so, thinking like an end user... "It all works, so why should I bother?"

Have you read the manual for everything you own? Your Fireplace? The Toaster? How about your house? they come with manuals too. But everything is working so why should you?

DJMASACRE
join:2008-05-27
Nepean, ON

1 recommendation

DJMASACRE

Member

said by TheRul:

said by DJMASACRE:

but i am talking about the basic things like chaning the default password which is clearly stated in the manual you should be reading =)
I agree, should be reading, but here comes the FIOS guy and installs everything for you. Puts in the router, makes sure it works, now you have the boxes for everything that he just installed, so, thinking like an end user... "It all works, so why should I bother?"

Have you read the manual for everything you own? Your Fireplace? The Toaster? How about your house? they come with manuals too. But everything is working so why should you?
Well i dont own a fireplace but yes I do read all the manuals before and during and after installation, whether I need them or not. Better to atleast know the device and then a good number to call in case you have questions ( which doesnt always help )

If some guy comes to install something, you should either be asking him to explain how its set up, ask questions about security if it applies, and it should be his job to make sure you change the default passwords right away before he leaves.

thats how it SHOULD happen, lol
DJMASACRE

1 edit

DJMASACRE to Airwolf7

Member

to Airwolf7

Re: Dumb people?

said by Airwolf7:

That's incorrect! Are you dumb or ignorant? One can be corrected and the other one can not.

Not knowing any better because you lack the intelligence to know any better means you are dumb.

Not knowing any better because you lack knowledge on the subject means you are ignorant. This is the one that can be corrected.

»www.merriam-webster.com/ ··· ary/dumb

Dumb = lacking intelligence : stupid

»www.merriam-webster.com/ ··· ignorant

Ignorant = lacking knowledge or comprehension of the thing specified
so by those definitions. you can be intelligent and not know anything (lack knowledge)

you cant be one without the other.

everything can be corrected if you really try . come on stop being so ignorant =)
hottboiinnc4
ME
join:2003-10-15
Cleveland, OH

hottboiinnc4 to PapaMidnight

Member

to PapaMidnight

Re: Nothing is sacred...

it's better than nothing and your regular next door neighbor isn't going to know how to crack it.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds to DJMASACRE

Premium Member

to DJMASACRE
said by DJMASACRE:
said by aefstoggaflm:
said by dcurrey:

I am in range of 3 wireless networks. 2 of them are close enough to connect to. Even logged into routers. Guess I should change the default password for them at least.
I would not do that, if I were you.

Because connecting to another network that you do not own is illegal.
where do you people get this shit

its not illegal, you are not breaking in .
Because it is 100% true and accurate. If you connect to and then use a Wireless Network without the prior express permission of the owner of that Network then you are a thief performing an illegal act that is punishable under the Law.

TodayGone
@verizon.net

TodayGone

Anon

complicated philosophy of life and mental states discussions

How about we drop the complicated philosophy of life and mental states discussions and get back to the simple stuff like computer security? I'm getting dizzy with all the cross-pollination of ideas and will have to sit this one out.

Maybe I should go do something simple like set up another computer network? That calms me down.... Maybe, check out the neighbors' wireless security. Perhaps, some relaxing Sunday afternoon WEP cracking?

DJMASACRE
join:2008-05-27
Nepean, ON

DJMASACRE to Doctor Olds

Member

to Doctor Olds

Re: Nothing is sacred...

said by Doctor Olds:

Because it is 100% true and accurate. If you connect to and then use a Wireless Network without the prior express permission of the owner of that Network then you are a thief performing an illegal act that is punishable under the Law.
Which Law section is that again ?

BlameMarketing
@embarqhsd.net

BlameMarketing

Anon

yes people are dumb but: don't blame the victims

The majority of dumb users are overwhelmingly due to the fault of the computer manufacturers and their marketing / advertising ads and efforts that leave out all the information that is contrary to the sales and advertising message.

they want people to think it's easy simple plug-n-play don't worry be happy time for using computers.

they're the ones that sell it like that -- most people don't want to and don't have time to learn technical stuff re: security / optimization / etc -- it's actually all very complicated stuff for those who don't know, don't want to know, don't have the time, etc. They've been sold a false bill of goods.

But the pc manufacturers would never sell the frakkin things if people knew beforehand how much crapola they were getting themselves into re: malware, security, blah blah blah blah....

easy targets - because of FALSE ADVERTISING.
prev · 1 · 2 · 3 · 4 · next