  EGeezer Go Bobcats Premium join:2002-08-04 Country!
1 edit | reply to Annorax Re: In the Wild: Zlob Changing Router Settings to Hijack DNS
said by Annorax: Unfortunately, the vast majority of potential users are stoopid. The only way to make money from this group of the "great unwashed" is to make your product super easy to use.
To a certain point I agree. However, just go to a local big box retailer and hear the salesman and the non-technical customer discuss the implementation of the new gizmo.
C: "Well, I'm not a computer person. Is it hard to set up?"
S: "No problem - just pull it out of the box, plug in the wires as the diagram shows and it sets itself up. Or our GGR (Geek GangRape) experts can go to your home and set it up for you for only $229"
C: "Wow, that's a lot. I can plug in the doo-hickeys myself. Thanks!"
*trots to checkout to buy new router*
Alternative response:
C: "Wow, that's a lot but I'll have them set it up for me"
*GGR installs router with defaults and the customer's pet guppy's name as the password (USER=ADMIN PW=FLUFFY)*
As for the "great unwashed", don't forget that technology is for people and not the other way around. Too many self-styled experts forget that - or aren't skilled enough to teach or develop solutions customers can use.
-- If dogs travel in space at the speed of light, do they reach their destination in dog-light years?
  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
reply to Annorax
said by Annorax:
said by daveinpoway: It seems to me that a lot of this could be avoided if the router manufacturers would make it mandatory that you go into the setup and set a new password before the unit will function
Unfortunately, the vast majority of potential users are stoopid. The only way to make money from this group of the "great unwashed" is to make your product super easy to use.
A better solution would be for manufacturers to give a unique default password to each router, and print that password on the router (next to the serial number). Then physical access (ability to read the label) is required to change the settings. I'm pretty sure a few manufacturers already do this.
-- AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.14
  jabarnut Light Years Away Premium,MVM join:2005-01-22 Galaxy M31
4 edits | said by nwrickert: A better solution would be for manufacturers to give a unique default password to each router, and print that password on the router (next to the serial number). Then physical access (ability to read the label) is required to change the settings. I'm pretty sure a few manufacturers already do this.
Well, in light of this exploit, I hope that more than a few manufacturers start doing this (or something similar).
It's pretty scary that the majority of Routers out there are still operating with the default password...and as I mentioned in an earlier post, I've confirmed this myself. (At least in my neck of the woods).
In the meantime, good luck to the 70 to 80% (maybe higher) of people who just buy these things, plug them in, and feel "secure". (Mainly because they've heard by word of mouth that's all they need to do in order to keep most of the bad guys out).
I've also seen on many of the ISP "FAQ" pages, where they suggest that buying a Router will allow you to add additional Computers to your Broadband Connection....with the usual disclaimer that they are not responsible for maintaining it, should any problems arise.
Of course, with no mention whatsoever, that proper configuration for security is important.
-- I had a life once.....now I have a Computer and a Modem.
 darthboy
join:2007-12-31 Canada
reply to bcastner
I believe ISPs' tech guys never change the default passwords even during an onsite installation. Sure they help set up (at least) a WEP key, but that doesn't help in this kind of exploit.