 wifi4milezBig Russ, 1918 to 2008. Rest in Peace join:2004-08-07 New York, NY | Who's next? I hope they don't discover this vulnerability for the Fios Actiontec devices. The FIOS device is required in most cases, so people would be at much higher risk. |
|
 iansltx join:2007-02-19 Golden, CO kudos:2 | They aren't required, as long as you have Ethernet to somewhere useful where you can put a router. |
|
 wifi4milezBig Russ, 1918 to 2008. Rest in Peace join:2004-08-07 New York, NY | said by iansltx:They aren't required, as long as you have Ethernet to somewhere useful where you can put a router. They transmit channel information to the STB, without one the TV and Internet will work but you won't get any detail. |
|
 patcat88 join:2002-04-05 Jamaica, NY kudos:1 | reply to iansltx said by iansltx:They aren't required, as long as you have Ethernet to somewhere useful where you can put a router. They are basically required if you have TV. (someone will chip in you can put a firewall ahead of the actiontec so no worm infections are possible) |
|
| reply to wifi4milez said by wifi4milez:I hope they don't discover this vulnerability for the Fios Actiontec devices. The FIOS device is required in most cases, so people would be at much higher risk. Broadband tiers are provisioned in the C/O computers (fios)... not by the routers, whereas a cablemodem provisioning has much to do with a file within cablemodems that provision speed/terms of service/features. |
|
 swintecPremium,VIP join:2003-12-19 Alfred, ME kudos:3
| said by tmc8080:said by wifi4milez:I hope they don't discover this vulnerability for the Fios Actiontec devices. The FIOS device is required in most cases, so people would be at much higher risk. Broadband tiers are provisioned in the C/O computers (fios)... not by the routers, whereas a cablemodem provisioning has much to do with a file within cablemodems that provision speed/terms of service/features. What does that have to do with anything? The hack for this router/modem combo unit allows individuals to access the administrative menus over the internet. Not play around with speed settings. -- Block Accounts | UseNet Now |
|
 wifi4milezBig Russ, 1918 to 2008. Rest in Peace join:2004-08-07 New York, NY | reply to tmc8080 said by tmc8080:said by wifi4milez:I hope they don't discover this vulnerability for the Fios Actiontec devices. The FIOS device is required in most cases, so people would be at much higher risk. Broadband tiers are provisioned in the C/O computers (fios)... not by the routers, whereas a cablemodem provisioning has much to do with a file within cablemodems that provision speed/terms of service/features. This particular hack has nothing to do with speed tiers (it's not "unlocking" the modem). It appears as if there is some security issue that allows someone on the public internet to control (and make changes to) the internal menus and config files of the TWC router. This could be something as annoying as having the hacker change the login/password, or it could even allow them to potentially re-route traffic to malicious websites. -- "If it's to be a bloodbath, let it be now. Appeasement is not the answer." -Ronald Reagan- »www.theadvocates.org/quizp/index.html
|
 wifi4milezBig Russ, 1918 to 2008. Rest in Peace join:2004-08-07 New York, NY | reply to patcat88 said by patcat88:said by iansltx:They aren't required, as long as you have Ethernet to somewhere useful where you can put a router. They are basically required if you have TV. (someone will chip in you can put a firewall ahead of the actiontec so no worm infections are possible) I have read that there is some wacky workaround that is successful about 10% of the time (and gets reset periodically!), however that's far beyond what most people would ever do. -- "If it's to be a bloodbath, let it be now. Appeasement is not the answer." -Ronald Reagan- »www.theadvocates.org/quizp/index.html
|
 iansltx join:2007-02-19 Golden, CO kudos:2 | reply to wifi4milez Didn't know that. Thx for the clarification. |
|
 | reply to wifi4milez said by wifi4milez:it could even allow them to potentially re-route traffic to malicious websites. That, I think would be the worst outcome. Especially if the malicious website was benign looking. For example, a transparent proxy. So a hacker hits your cable modem and redirects all traffic through his proxy. You then go to your online bank's website, your web e-mail site, Paypal, etc.
All of them work fine and you take all usual precautions (typing in address bar, up to date security software, etc). Still, you're compromised because the hacker now has your account information the minute you hit Submit. He can now clean you out whenever he wants.
Later, if he wants to cover his trails, he can re-log back into your cable modem and revert his changes so it looks like the cable modem was never tampered with. -- -Jason Levine Support a children's charity. Buy a calendar and/or a photo book. Shooting For A Cause |
|
 jmn1207Premium join:2000-07-19 Ashburn, VA | reply to wifi4milez The main problem with security in this article is the fact that remote access is enabled by default and the wireless security is vulnerable at the default WEP setting.
There are no problems with FiOS and the ActionTec or Westell routers with regards to security. At least, no different from any other consumer level router. These aren't modems, just routers, and while the tiny NAT table may be an issue for some users with certain ActionTec models, they are full featured routers that are very capable and highly configurable.
Lots of people have set up FiOS to use their own routers in all kinds of configurations, and all of these setups are explained in the FiOS FAQs.
You can actually hook up your PC directly to the ONT without using any router at all. And only the Verizon STB requires a MoCa router for VOD and guide data. TiVo and Moxi HD DVRs get their guide data from the internet, and the coaxial cable does not need to connect to the router at all for people with these devices. |
|
 | reply to Jason Levine Already done |
|
 | reply to iansltx I live in New Jersey and I have a router and a Toshiba PCX 2600 cable modem and I have problems with Lag? (30 sec to load) and other times the page comes up unreachable. The cycle is about 5 minutes on and 10 minutes off and it is not the router either or the firewall or any file on the computer. There is a thread about DNS server attacks on Wilders security forums »www.wilderssecurity.com/showthre···t=256231. I think Road Runners Servers are Vulnerable to attack. |
|
| reply to wifi4milez said by wifi4milez:said by iansltx:They aren't required, as long as you have Ethernet to somewhere useful where you can put a router. They transmit channel information to the STB, without one the TV and Internet will work but you won't get any detail. It has to be an IP-based port, do some logging and see which it is and let it pass through the firewall. Or get them to set the device into bridge mode and let it pass along to the next device in line. -- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" |
|
 jmn1207Premium join:2000-07-19 Ashburn, VA | reply to Jason Levine If you are simply passing through a hacker's intercepting proxy, unless the bank site is fake and collecting your personal data, I would think that SSL or whatever the banks use nowadays, would prevent eavesdropping. I thought that was the purpose of secure sites? Only the end points have the key, the client and server.
I don't know too much about any of this stuff, so please don't clobber me for my ignorance, I'm just curious. I realize this is a real security threat, but I would hope that it's more challenging than just creating a simple proxy to steal webmail and bank access. |
|
 | reply to iansltx They're required. VOD will not work without them. Also other channel information will not be present. I tried removing one and it wasn't pretty. |
|
 wifi4milezBig Russ, 1918 to 2008. Rest in Peace join:2004-08-07 New York, NY | reply to jmn1207 said by jmn1207:You can actually hook up your PC directly to the ONT without using any router at all. And only the Verizon STB requires a MoCa router for VOD and guide data. TiVo and Moxi HD DVRs get their guide data from the internet, and the coaxial cable does not need to connect to the router at all for people with these devices. Correct, however most people also get the TV bundle with FIOS. That being said, most of those people also use the Verizon STB. So if you are a typical FIOS TV user you need the Actiontec unless you don't want VOD and guide data (which everyone wants). -- "If it's to be a bloodbath, let it be now. Appeasement is not the answer." -Ronald Reagan- »www.theadvocates.org/quizp/index.html
|
 jmn1207Premium join:2000-07-19 Ashburn, VA | ActionTec or Westell are the current brands being used right now. Still, they are full featured routers, and not absolutely necessary. I don't really see this as any concern at all. Your options for any ISP are just as limited in reality. How many different DOCSIS 3.0 Comcast modems can I use? Would most customers even purchase their own? How many variations does Comcast provide?
It's really nothing to worry about. |
|
 | reply to jmn1207 quote: The SSL vulnerability allowed Marlinspike to create what he called a universal wildcard certificate that caused Firefox to authenticate every domain name on the internet. He did so by applying for a normal certificate for his website thoughtcrime.org. In the commonName field he listed the site as *\0.thoughtcrime.org, causing the browser to believe the certificate was universally valid.
»www.theregister.co.uk/2009/08/04···_update/
There's a few vulnerabilities out there... |
|
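The null-prefix commonName quoted in the post above, as an added example that is not part of the original thread: a C sketch of why a matcher that treats the CN as a NUL-terminated string sees `*\0.thoughtcrime.org` as a bare `*`, next to a length-aware check that rejects it. The function names, the toy wildcard rules and the `.test` hostname are assumptions made for illustration, not any browser's actual code.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* CN value quoted in the thread, stored with its real length (19 bytes). */
static const unsigned char SAMPLE_CN[] = "*\0.thoughtcrime.org";
#define SAMPLE_CN_LEN (sizeof SAMPLE_CN - 1)

/* Toy wildcard rules (assumed): "*" alone matches any host,
   "*.example.org" matches exactly one extra leading label. */
static int wildcard_match(const char *pattern, const char *host) {
    if (strcmp(pattern, "*") == 0)
        return 1;
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && strcasecmp(dot + 1, pattern + 2) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* BEFORE: the CN arrives as bytes plus a length, but the length is ignored
   and the bytes go to C string functions, which stop at the first NUL. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host) {
    (void)cn_len;                      /* ignoring the length is the bug */
    return wildcard_match((const char *)cn, host);
}

/* AFTER: reject any CN containing an embedded NUL, copy it with its true
   length, and refuse a bare "*" that would cover every domain. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host) {
    char buf[256];
    if (cn_len == 0 || cn_len >= sizeof buf)
        return 0;
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                      /* embedded NUL: never a valid name */
    memcpy(buf, cn, cn_len);
    buf[cn_len] = '\0';
    if (strcmp(buf, "*") == 0)
        return 0;
    return wildcard_match(buf, host);
}
```
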
 jmn1207Premium join:2000-07-19 Ashburn, VA | It looks as if that has already been patched. The browser I normally use does not currently show any unpatched Secunia advisories, and the developers have been very quick to respond when potential problems do appear.
A fake site might be able to mimic Wells Fargo's site, but if someone attempts to log in and check their account, I would think it would be immediately obvious that something was not quite right. Recent transactions would not be able to be forged on a fake site unless the bank's site, itself, was completely compromised. Even if a browser is fooled into thinking the site is legit, I would be EXTREMELY concerned if the site popped a message claiming to be temporarily down after entering my login credentials. I'd be on the phone immediately.
There is only so much I can do, within reason, to protect myself. As long as more valuable data is out there that is much easier to get to, I won't panic. FiOS is so fast and reliable, any phantom proxy being used had better be damn fast with very low latency, otherwise I'd be doing all kinds of tests to see what the problem might be, which could possibly expose the security problem, or at least put me on notice to stay away from more security sensitive sites until the issue can be resolved. |
|