Re: [ISN] Popular Linksys Router Vulnerable to Attack

From: InfoSec News (isnat_private)
Date: Tue Nov 05 2002 - 04:06:42 PST

Next message: InfoSec News: "[ISN] Hackers stick California city with $30,000 phone bill"

Previous message: InfoSec News: "[ISN] A New Cryptography Uses The Quirks of Photon Streams"
Maybe in reply to: InfoSec News: "[ISN] Popular Linksys Router Vulnerable to Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Eric Lee Green <ericat_private>

On Sunday 03 November 2002 11:29 pm, InfoSec News wrote:
> http://www.eweek.com/article2/0,3959,663801,00.asp In many cases,
> there is no reason for the remote management interface to be enabled
> and disabling it serves as an easy defense against this problem.

More correctly, I should say that in ALL cases there is no reason for
the remote management interface on a Linksys router to be enabled.
This interface is a totally unencrypted web application that sends the
system management password over the Internet in plain text. Any script
kiddie with a password sniffer then gets access to your router -- and
to your network.

-- 
Eric Lee Green          GnuPG public key at http://badtux.org/eric/eric.gpg
          mailto:ericat_private  Web: http://www.badtux.org

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Hackers stick California city with $30,000 phone bill"
Previous message: InfoSec News: "[ISN] A New Cryptography Uses The Quirks of Photon Streams"
Maybe in reply to: InfoSec News: "[ISN] Popular Linksys Router Vulnerable to Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 05 2002 - 06:30:23 PST