

NSA_CIA

@charter.com

reply to Mele20

Re: Time Warner Cable Exposes 65,000 Routers to Remote Attacks

said by Mele20:

From the article:

"SMC spokesman Fisher told Threat Level that the admin credentials Chen exposed are actually the administrative credentials for a router made by Ambit. He said it appears that Time Warner applied the same credentials to its customers’ SMC routers."
The SMC spokeshole is just trying to deflect the issue so his company doesn't look so bad.

The credentials (aka username and password) don't make much of a difference if the SMC ALLOWS remote access to its web interface by default and then tries to hide the admin interface by stupid java scripting. Changing the credentials doesn't change the remote access issue or the stupid java scripting. SMC has to correct those issues in firmware.

Even if TWC changed the credentials, they tend to get found out if static and posted on the internet. Short of making a "password of the day" like Arris does, changing credentials that stay static for long periods of time doesn't do much.

TWC can't push out the real fixes until SMC releases the new firmware that corrects the remote access issues.

The majority of modems (aside from some Linksys, SA, Ambit, and other modems) just display "This page is not available." when attempts at remote access are made to the internal diagnostic pages. That is what the SMC and ALL MODEMS should be programmed to do by default.


sbconslt

join:2009-07-28
Los Angeles, CA

Mr. Chen gave us the port numbers there.

quote:
ports 8080, 8181 and 23

The article goes on to say the temporary patch has left remote admin open, but deprived attackers of the ability to ascertain the admin credentials using the javascript hole. In the meantime, they didn't change the standard admin credentials from the values Chen found previously. So since they have surely been disseminated or can be ascertained from context, the temporary patch is really not stopping a determined attacker.

Bottom line: if you have this CPE equipment, get rid of it immediately and demand a plain old bridge modem from TW, and bring your own router/AP.
--
Scott Brown Consulting

© 1999-2012 dslreports.com.