A security researcher says he has observed criminals using a new form of attack that causes victims to visit spoofed banking pages by secretly making changes to their high-speed home routers. According to Symantec researcher Zulfikar Ramzan, the attack changes a router's settings controlling the domain name system server that …
> One command from CLI.
> print "nameserver 192.168.1.1" > resolv.conf
Wrong. "print" is an alias of "run-mailcap". You meant this:
echo 'nameserver 192.168.1.1' >resolv.conf
Seems to me...
that the internet thingummy design is flawed.
If MS designed an OS that was this prone to hacking etc, people would be bitching about it on esteemed technical forums such as El Reg.
The internet should not be hackable via uPNP router fiddling any more than an OS should serve as a breeding ground for worms, trojans and other nasties.
Where's an Al Gore devil-icon so we throw poo at him? (since he calima Al:Internet == Windows:Bill)
Yes, I too remember the good old days. The MS manual was a good 200 to 300 pages long instead of this little 30 page getting started thing you get now. And hardware manuals were a minimum of 50 - 60 pages. Not to mention that everything you needed to rebuild your machine came on disk, instead of in some hidden partition that you need to figure out how to make recovery disks from. Guess we can thank the "pirates" for that attitude...... That and the dumbing of the world!
@TC Piffle. I recall the warm and damp feeling when the VMS 5.0 manuals arrived on a pallet.
MSDOS bit me on the arse big time with it's RECOVER command and inadequate documentation way back when I knew my Apple inside out and back to front and not much of anything else except for the "everything" every 16 YO knows.
Mum brought her work comp home having accidentally deleted a critical file. I read through the documentation found RECOVER which was described as being for recovering "lost" or damaged files. "Lost" = "deleted" seemed about right so I blythely typed in RECOVER *.* and my 16 YO self felt pretty bloody chuffed until I typed DIR once the hard drive finished chugging away.
Whoopsie. FILE0000.???, FILE0001.??? .... (??? coz it's been a lot of years and my first action on any new DOS machine from then on was DEL RECOVER.COM)
I was damned fortunate that there were less than 512 files on that machine.
I borrowed a boot disk and disk editor from a philistine (non apple) friend and with absolutely no knowledge of the disk structure whatsoever, rebuilt that sucker from scratch. The hard way. I sorted out which of those files were once directories and figured out the partition table and the links to it, but the rest was beyond me, so I recreated the directories with MKDIR, populated them with empty files of the proper names, cross linked everything to those empties and then zeroed out the recovered files in the root directory. About halfway through I cottoned onto little sigma and deleted files and did what I set out to do in the first place.
Oh and I bought a book that explained MS disk structures among other things as soon as I could scrape up the cash. I figured out rather quickly that what I spent several hours doing, could have been done in minutes with the right knowledge.
(Paris, 'coz the experience left me feeling rather blond.)
It's not uPNP
Just to clarify, although uPNP may (or may not) provide a vulnerability that attackers could use in this type of attack, the real-world attack in question used a design flaw in the 2Wire router. This did not involve uPNP and neither did it require a cracked password.
More details at http://www.computershopper.co.uk/news/159414/hackers-attack-broadband-routers.html
Just use decent...
...firmware on yer cr*ppy generic cheapo connexiant based routers....DDWRT on a WRT54G V7 is pretty good, makes it a little more challenging to exploit...or spend some serious cash on decent hardware alternative (Cisco IOS based).. As someone else suggested, using your own internal HOSTS file amongst other techniques is a good place to start - but if you couldn't figure this out for yourself with a little research and consideration then I'm afraid you are just good fodder ;)
Failing the aforementioned, just make sure you never submit your own information when online, just use someone elses - it's not like it's hard to get at these days :) (kidding, of course...)
I thought SKY routers had unique passwords assigned just before they were sent out to customers? I seem to remember a family member having bucket loads of grief trying to get into their router to check the settings, only to find out that the password was not a standard default from manufacturer, but reset by SKY. Maybe they no longer do this.
TC's tips are very useful and true, but I haven't seen the most obvious solution to this problem: turn on WPA encryption on your wireless router and use a decent password. On modern routers this is part of the default installation procedure. As far as I know, it's not possible to get into the router's admin page unless knowing the SSID/WPA password or being physically connection to it. Or am I missing something?
Default password not required on router
You don't need a default password on a router. You don't actually need ANY password on a router.
You provide a physical switch on the router labelled "Configure".
If the switch is on, then it provides the configuration page to any computer that connects, and does no routing (so you can't do anything with it apart from configure it).
If the switch is off it works normally.
Which means you have to physically access the router to configure it. Now it's as secure as your house is!
Sorry if my comments appeared to target anyone in particular. It was a general moan brought on by comments by a few others.
One good thing about their comments is that they remind me not to laugh at or complain about anyone who hasn't spent years/decades learning to do what I do!
Maybe we need an olive branch icon or a bucket of water dousing flames.
ISP's are half the problem
Now here is the biggest problem. Excluding attacks that enable access or make changes without the need for a password the ISP's are allowing compromise themselves. I have Comcast cable. They installed a cheap wireless router with the username "comcast" and the password "1234". They did not change this during the intstall nor did they mention it should be changed. To make matters worse they enabled the wireless and the guy told me that they were not allowed to set 128bit WEP, only 64 but that is ok because "look how long the password is!!!" rofl. He also did not give me the username or password to the router. I looked it up online in a default pw database. I logged into the router and:
- WEP is the only option. There is no WPA or WPA2.
- He used my last name as the SSID and also used the same name to generate the hash.
So, to compromise people on this very large national leading ISP the only thing needed is the broadcasted SSID. From there the network will be completely compromised in a matter of seconds. If the tech is diligent then the security is still based on WEP which again can be cracked in a few minutes regardless of what the tech says.
I have locked my router down as best as it could be and have tried to replace it with my own. So far they are not compatible with any routers beyond the ones they provide.
It's a one liner in Windows too:
netsh interface ip set dns "Local Area Connection" static 192.168.1.1
what the unwashed want
"the fact is that IT (any flavor) requires proper configuration and occasional monitoring; periodic revision, upgrades, and maintenance;"
i think you got the answer there, its the human element..
if you 1% IT bods put on blue (or brown - depends on the company) suits and went house to house like the meter reader or milkman (sorry - milkbeing) doing that configuration/monitoring/upgrade/periodic_revision stuff you could sort our home machines for us. you'd come as part of the deal when we bought vista/OSxxx/nix/nada/nothing or whatever. all you'd have to do is stick in the CD thingy the chap reckons we should go to the bank for (better for me, there aint no banks round here) and 'thanks mate, want a cuppa tea or coffee?' - we the punters would be secure.
the MS/Apple bankers would be happy cos a home visit from you would be the ONLY way to ensure security, cos 'open source' (as in free download and self-install) wouldn't come with a maintenance deal, (on second thoughts, of course it would, 'open source' milkbeings would just have slightly less commonly recognisable and somewhat more pretentious fleecies and 'open' punters would have to sign up 'outwith the corporate structure' , maybe via post-its stuck on lamposts , those router-readers could get paid in bananas or random Dawkins novels donated by the punters).
of course we'd have to ask to see your badge for proper security and impersonating you and nicking tenners from old ladies purses would be a low life crime. you might have to watch the local teenies didn't spit at you.
1% of our immigrant swollen nation gives sthg like 60,000 of you. given your ability to knock out tech talk evidenced above it'd only take one of you to write the CD (or maybe 4, that'd let you have multiple versions of the same thing) the other 59,996 would easily be able to plod the required streets and stairs.
You'd probably have to do customer relationship courses, like how to be polite when we the 99% tell you not to bother coming in cos we get our email through google. but that and a decent pair of boots each you'd do fine.
***Steve, Bill, think of the SAVINGS, how much do posties get paid?***
(Not secure that comparison...damn, almost had it sold there..)
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- 'Catastrophic failure' of 3D-printed gun in Oz Police test
- Game Theory Is the next-gen console war already One?
- Analysis Spam and the Byzantine Empire: How Bitcoin tech REALLY works
- VIDEO Herschel Space Observatory spots galaxies merging