Feeds

back to article Be customers still exposed by router snafu

O2-owned ISP Be is fighting a constant battle to stay one step ahead of hackers because of a router vulnerability exposed back in February. Be subscribers were exposed when London student Sid Karunaratne demonstrated it was possible to gain remote root access using poorly concealed telnet backdoors. Admin usernames and …

COMMENTS

This topic is closed for new posts.
Rod

"Flash"?

Um - isn't Flash memory nonvolatile? This script must just be updating something in RAM, not flashing the firmware.

0
0

Non volatile

Non-volatile just means it doesn't "forget" when you turn the power off. You can still change its contents.

0
0

Re: "Flash"

Actually I doubt the firmware is stored in actual flash memory (which is writeable, hence things like the iPod nano), probably an EEPROM. The SpeedTouch 780 (AKA BeBox) allows someone with the administrative password to upload and apply a new firmware via FTP. So Be essentially exploit the security hole in order to fix it.

0
0

Fix

As a Be*ing myself, I was one of the one's that flagged up the fact that a factory reset or reload of firmware and /or the Be config templates would negate the fix Be were implementing with the script

The script just modifies the config (user.ini file) and restricts access by IP as opposed to leaving things open for anyone to access

I can feel a hardware refresh coming along at some point

0
0
Thumb Down

Restore

"Customers sometimes restore factory settings when the router crashes too."

Or when we have problems with Be's DNS servers, or network, which is every bloody day at the moment.

0
0
Thumb Down

Rubbish box anyway

Being here too, good speeds crap service.

With all the problems I have with my bebox (wireless is shafted) im resorting to buying a netgear anyway, they can have this pile of crap back.

0
0

@Rubbish Box

I would mostly agree with that.

The service is generally excellent - no outages that I've noticed on my connection which is in use 24/7 - and the price has recently been dramatically cut too.

Still, the default SpeedTouch unit is a hunk of crap. I'll be ordering a decent ADSL2+ modem fairly shortly myself.

Why would you go with NetGear though, thats almost as bad! The wireless works perfectly on mine - I've given my downstairs neighbour a WPA2 key for it - he can access it no problem and gets good speeds despite loads of solid stuff (including a metal filing cabinet) between him and the access point. I reckon if you're having wireless issues, changing to a NetGear device will be throwing your money away.

0
0
This topic is closed for new posts.