General discussion


Hack lets intruders sneak into home routers

By DanLM ·

Change the default password, christ. I can't beleive people still don't do that.

Dan does a benny hill slap on the head of every person that does not change default passwords.


This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Hack lets intruders sneak into home routers

by stephanbarr.lists In reply to Hack lets intruders sneak ...

Here's how I setup access points;
1. Give the device a static IP and move it near the top (above .200)of your range. If possible don't use the DHCP server function. Let some other device or server do that.
2. Change the password to something with numbers and letters.
3. Change the default device name to something you'll recognize. Do not use the default name.
4. Don't use WEP or WPA.
5. Use the MAC address access list that way only devices you explicitly add will gain access to you network.


Collapse -

Are you trying to put many of us out of business?

by deepsand In reply to Hack lets intruders sneak ...

Without stupid users, quite a few of your brethren would be otherwise employed!

Collapse -

Any One Who is Wireless is a Fool

by BIGMACattack420 In reply to Are you trying to put man ...

We are all vulnerable even with a router that is hard wire
if your on the net then your making yourself a target and I
don't care if you have every firewall out their, if you got
know how and the software and know how to run a virtual
machine then you can get past any routers
password,/w.e.p,/w.e.p 2 it's all in how much you know.
advice to you if is if you want to be secure as can be GO

Collapse -

So how

by The Listed 'G MAN' In reply to Any One Who is Wireless i ...

does a mac change the firewall & wireless router that I am running exactly?

The same firewall and router that would be used for the PC.

If I am to believe you then the end result would still be exposure to the hackers, no matter what system I run behind them.

Collapse -

*Sigh* Same crap from Mac lovers

by WoW > Work In reply to Any One Who is Wireless i ...

"Buy a Mac! Buy a Mac!"
That's all Mac users do, complain about PCs and push their Mac-ology onto people like a "religious right". The Pat Robertsons of the computing world.

Sadly, it's worse than the Ford/Chevy arguement you hear at NASCAR races.

Anyway, and back to the article at hand: It's ashame that companies don't build in an auto-force password change on routers the first time you log in. Joe User don't always think about things like the router password. They think just think Router=Security, not the actual settings.

Collapse -

~pokes Dan in the back~

by Jaqui In reply to Hack lets intruders sneak ...

here, use my bat, it has pennies super glued to it to knock some "cents" into them ]:)

Collapse -

That is not nice X-( :^0

by TechExec2 In reply to Hack lets intruders sneak ...

Taking advantage of some ignorant person's insecure home router is not nice! That's right up there with taking candy from a baby, taking a retarded child's lunch money, or kicking a dog. There must be a special place in **** for these depraved people.

Changing the DNS to redirect to a phisher website is scary. If the phishers make the front door look and act like the real one, and wire up a fake SSL certificate, all it has to do is suck up the user IDs and passwords and then display some kind of "We're sorry, database temporarily offline, try again later" page. Insidious!

What to do? If you ever see this kind of odd website behavior from a major financial site, assume you're exposed and do something to change your password immediately. Call the bank. Or, immediately use an alternate Internet connection (a dial-up modem will do), sign on to the real website, and change the password. Of course, this plan fails if the redirection is being done in your hosts file, or in the Internet somewhere.

Some financial websites are effectively countering this threat with things like "Site ID" (e.g. Bank of America). The website presents you with something known only to you (a photo and a passphrase) after you enter your user ID but BEFORE you enter your password. You are instructed to not enter your password if you don't see the correct picture and passphrase. This is a clever, and patented, sequence that is very effective.

A True Story - A "perfect" phisher website

Some months ago, I got an outstandingly realistic phisher e-mail from "PayPal" (most of them are poor). The only dead giveaway was the lack of personal information (my name, etc), and the hidden website URL on the "Click Here" link. I was curious so I went to the "PayPal" website to check this one out. That fake page was absolutely flawless. Every single link worked and went to the real website. It even had the current promotional advertising that was on the real PayPal website. Only two things were different: 1. The URL was not "", but was close enough to fool a lot of people, and 2. The destination on the HTML form tag was not "". Someone put a huge amount of work into this. Spooky.

Wireless Home Router Best Practices:

- Change the router admin password. Use a strong password (no dictionary words, uppercase, lowercase, numbers).
- Change the router name.
- Change the router wireless SSID.
- Don't broadcast the SSID.
- Use WPA/PSK with a strong password (no dictionary words, uppercase, lowercase, numbers) for wireless. Change the password every month.
- Use the MAC address filter list to provide some additional obfuscation and restriction.
- Put the router in "stealth" mode so it does not respond to any anonymous requests from the Internet. Make it "invisible" on the Internet.
- Run Firefox and the NoScript extension so only web sites that you explicitly choose to trust are allowed to run JavaScript in your browser.

Any other best practices? Is there any other browser that has the ability to control JavaScript execution as effectively as Firefox with NoScript? (Jaqui: ...without turning it off entirely... :-) ).


Best Practices For Securing A Wireless Network
[this page is a bit old and says to enable WEP...use WPA/PSK instead]

WEP: Dead Again, Part 1

WEP: Dead Again, Part 2

Wi-Fi security ? WEP, WPA and WPA2

Collapse -

well, you know

by DanLM In reply to Hack lets intruders sneak ...

When you have sys admins not changing defulat passwords to cisco routers, how can we expect the untrainined/uninformed to know to do it.

Chuckle Jaqui, I like that. A hat with pennies superglued... Yea, that would work.... But, then I would nock them out... They would claim innocence to leaving the password open because they were not of the right mind. Ehhhh, they claimed that argument already anyway.... Give me the hat.


Back to Software Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums