 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to siljaline
Re: Time Warner Cable Exposes 65,000 Routers to Remote Attacks
From the article:
"SMC spokesman Fisher told Threat Level that the admin credentials Chen exposed are actually the administrative credentials for a router made by Ambit. He said it appears that Time Warner applied the same credentials to its customers' SMC routers."
Talk about incompetent bamboozling! These idiots provide my broadband and the only other choice is dialup. I have a Surfboard 5100 provided by Oceanic TW back in early 2005 and my own Linksys router, but Oceanic has not given out ANY Surfboards since 2005. Instead they give out utter junk, and one modem is this vulnerable SMC one. We are not allowed (supposedly) to buy our own modems, so I don't know what will happen when I eventually need a new one. I want only a Surfboard and am more than willing to buy my own...if I can.
-- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
|
 | said by Mele20: From the article: "SMC spokesman Fisher told Threat Level that the admin credentials Chen exposed are actually the administrative credentials for a router made by Ambit. He said it appears that Time Warner applied the same credentials to its customers' SMC routers."
The SMC spokeshole is just trying to deflect the issue so his company doesn't look so bad.
The credentials (aka username and password) don't make much of a difference if the SMC ALLOWS remote access to its web interface by default and then tries to hide the admin interface by stupid JavaScripting. Changing the credentials doesn't change the remote access issue or the stupid JavaScripting. SMC has to correct those issues in firmware.
Even if TWC changed the credentials, they tend to get found out if static and posted on the internet. Short of making a "password of the day" like Arris does, changing credentials that stay static for long periods of time doesn't do much.
TWC can't push out the real fixes until SMC releases the new firmware that corrects the remote access issues.
The majority of modems (aside from some Linksys, SA, Ambit, and other modems) just display "This page is not available." when attempts at remote access are made to the internal diagnostic pages. That is what the SMC and ALL MODEMS should be programmed to do by default.
|
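An added example, not part of the thread and not SMC's firmware, of the point made in the post above: an admin interface hidden by client-side script is still served to everyone, so the fix has to live in what the device returns. The handler names, roles, interface labels and page fields are hypothetical, and the key value is constructed.

```javascript
// Added illustration; all names are hypothetical, not SMC firmware.
// Contrast: hiding admin UI in the browser vs. enforcing access on the device.

const ADMIN_PAGE = {
  menu: ["status", "wireless", "backup-config"],
  fields: { wpaKey: "constructed-sample-key" }, // constructed sample value
};
const USER_PAGE = { menu: ["status"], fields: {} };

// Weak pattern: every client gets the full admin page plus a script that
// hides admin items. A client that ignores the script sees everything.
function serveHiddenByScript(req) {
  const script = req.role === "admin" ? "" : "hideAdminMenu()";
  return { status: 200, body: ADMIN_PAGE, script };
}

// Hardened pattern: the decision is made before any data is built.
// Remote (WAN-side) admin is off by default, as the post asks for.
function serveEnforced(req, config = { remoteAdmin: false }) {
  if (req.iface === "wan" && !config.remoteAdmin) {
    return { status: 404, body: "This page is not available." };
  }
  if (!req.authenticated) {
    return { status: 401, body: "Login required" };
  }
  const body = req.role === "admin" ? ADMIN_PAGE : USER_PAGE;
  return { status: 200, body };
}

// What a client that never runs the page's script actually receives.
function exposedFields(response) {
  return typeof response.body === "object"
    ? Object.keys(response.body.fields)
    : [];
}

// Same unauthenticated WAN-side request against both handlers.
const wanReq = { iface: "wan", role: "user", authenticated: false };
console.log(exposedFields(serveHiddenByScript(wanReq))); // fields leak
console.log(serveEnforced(wanReq).status);               // nothing served
```

Changing the password alters neither result for the weak handler, which is why the post says the correction has to come in firmware.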
 | Mr. Chen gave us the port numbers there.
quote: ports 8080, 8181 and 23
The article goes on to say the temporary patch has left remote admin open, but deprived attackers of the ability to ascertain the admin credentials using the JavaScript hole. In the meantime, they didn't change the standard admin credentials from the values Chen found previously. So since they have surely been disseminated or can be ascertained from context, the temporary patch is really not stopping a determined attacker.
Bottom line: if you have this CPE equipment, get rid of it immediately and demand a plain old bridge modem from TW, and bring your own router/AP.
-- Scott Brown Consulting
|