dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1677
share rss forum feed


Branflakes

@74.198.150.x

[BC] Telus Internet Accounts Vunerable [CBC Article]

Link »www.cbc.ca/news/technology/story ··· ?cmp=rss

Telus first lied:
quote:
"Telus at first tried to downplay the hack, telling customers the company was trying to implement a technical update when a glitch occurred.

Telus now admits it was hacked, calling it "vandalism," but emphasized that no personal customer information was stolen."
quote:
"As recently as Monday, the hacker said Telus had not patched the security hole in its system that allowed him access in November.

“The security flaw … is still here to this date. Tested as of Monday, February 27th, 8:30 p.m. Thank you.”
Still not fixed?


pfak
Premium
join:2002-12-29
Vancouver, BC
Was fixed ages ago by blocking the TR69 port on the SDX. Similar issues exist with the Alcatel Cellpipe 7130, and the Actiontec V1000H has a WPS vulnerability.
--
The more I C, the less I see.


PierrePoutin

@videotron.ca
said by pfak:

Was fixed ages ago by blocking the TR69 port on the SDX. Similar issues exist with the Alcatel Cellpipe 7130, and the Actiontec V1000H has a WPS vulnerability.

Ages ago? The hack happened what? 3.5-months ago?

Also, Telus already lied to its' beloved and cherished customers. Multi-times about this.

And yet you will believe them now?

couttsj

join:2010-07-29
Vernon, BC
reply to pfak
said by pfak:

Was fixed ages ago by blocking the TR69 port on the SDX. Similar issues exist with the Alcatel Cellpipe 7130, and the Actiontec V1000H has a WPS vulnerability.

The main reason why I steadfastly refuse to use a Telus router that doesn't allow "Bridge Mode Only". Since a router is connected to both the Wide Area Network (WAN) and the Local Area Network (LAN), once access is gained (as through TR69) your private network becomes vulnerable.


nothernone

@telus.net
reply to Branflakes
a quick google search will show you how many other isp's/companies(bell rogers, etc.) in canada have been hacked over the years on various issues and also far more serious hacks than this very basic modem/router backdoor access through the admin port. there was an article a few years back on a u.s. cable isp that hid the admin page with javascript, instead of with protection protocols. all the hacker did was scan the cable line and it's amazing on how many people do not ever look in their modem/router settings for anomalies.....
combination units are only nice for customer support and can suck for the customers own security(some isp's support staff in the u.s. offer/demand to enter your computer through the router/modem to modify problem settings, which is a road to being hacked via that easy access portal onto your private lan).
security can sometimes struggle to keep up with the tiniest flaws in firmwares that pop up from time to time.
rogers may one day shut down their highly profitable dpi scanner/injector(man in middle attack), so your unencrypted data may not be harvested on the rogers internet network.

but do not worry, the government will soon be logging all your internet data, so the hackers can access it far easier in one place, than having to go node to node, router to router.

encrypted surf to the web sites that have encryption: »www.eff.org/https-everywhere


TelusDetecti

@173.180.193.x
reply to Branflakes
Telus was hacked, or just their clients' modem/routers?


nss_tech

join:2007-07-29
Edmonton AB
said by TelusDetecti :

Telus was hacked, or just their clients' modem/routers?

It just affected very specific router that had already been retired at the point of the hack. Telus itself was not hacked.


PierrePoutin

@videotron.ca
said by nss_tech:

It just affected very specific router that had already been retired at the point of the hack. Telus itself was not hacked.

Retired?

Has it been recalled or patched?

Nope. It has not.

Per the article, “The security flaw … is still here to this date. Tested as of Monday, February 27th, 8:30 p.m. Thank you.”

Which means that vulnerable routers are still in use.

markv

join:2011-02-23
I use that modem in question, though mine sits in bridge mode and I use a dlink for my actual router so I'm not worried about hack.