1 post • joined Saturday 23rd February 2008 01:26 GMT
That's not all
I am a Sky customer, and I noticed that the WPA key was too short and all upper case. Not too hard to brute force or use some lookup tables on.
Furthermore, Sky put their own firmware on the Netgear router and change the default Netgear password so I was unable to log in. The router comes with no information whatsoever about how to log in and configure the router, and no username and password combination.
I was terrified when the router arrived since I did not want Sky to dictate my configuration. Luckily the username and password are easily found on forums. It appears as if Sky thought that their one-size-fits-all configuration was sufficient for all customers. There are numerous changes that need to be made to the router, such as: turning UPnP off (I don't trust it), closing some firewall ports that are open despite having a single DENY ALL rule, setting up logging, adding inbound rules (yes Sky, some people do like to have connectivity in to their home network).
What's more disturbing is that the ISP credentials are hidden and you are not supposed to change the router (there are ways around this but not if you want to adhere to the ToS). The router is not the best choice as it has multiple known vulnerabilities; I have to whack another firewall behind it to protect my internal LAN.
Sky seem to assume that all their customers know absolutely nothing about security or IT; I found that with the extremely unknowledgeable technical support staff at all three tiers of support. I was given many pieces of incorrect technical information and even was told to change my Wi-Fi security to WEP after I asked for a replacement router as my wireless was not working. I informed them that I have plenty of experience troubleshooting wireless and that the router was definitely faulty.
I really could go on for ages about Sky's lack of technical and security awareness...