Forwarded from: Eric Lee Green <ericat_private> On Sunday 03 November 2002 11:29 pm, InfoSec News wrote: > http://www.eweek.com/article2/0,3959,663801,00.asp In many cases, > there is no reason for the remote management interface to be enabled > and disabling it serves as an easy defense against this problem. More correctly, I should say that in ALL cases there is no reason for the remote management interface on a Linksys router to be enabled. This interface is a totally unencrypted web application that sends the system management password over the Internet in plain text. Any script kiddie with a password sniffer then gets access to your router -- and to your network. -- Eric Lee Green GnuPG public key at http://badtux.org/eric/eric.gpg mailto:ericat_private Web: http://www.badtux.org - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Nov 05 2002 - 06:30:23 PST