back to article Hackers pop Brazil newspaper to root home routers

A popular Brazilian newspaper has been hacked by attackers who used code that attacked readers' home routers, says researcher Fioravante Souza of web security outfit Sucuri. Attackers implanted iFrames into the website of Politica Estadao, which, when loaded, began brute force password guessing attacks against users. Souza …

  1. Rick Giles
    Pirate

    Java as a crutch

    "Concerned users should disable JavaScript and play options for browser objects..."

    I have No Script, AdBlock Plus an Ghostery in Firefox and just about every web page I go to either bitches about the ABP or the Java needs to be enabled. Can't go anywere on the web anymore without running into the Java crutch.

    1. Anonymous Coward
      Anonymous Coward

      Re: Java as a crutch

      Java ≠ JavaScript

    2. Elmer Phud
      Facepalm

      Re: Java as a crutch

      "The attack code was manipulated to target Internet Explorer"

      load up all the protection you want -- it ain't aimed at FFox.

      1. david 12 Silver badge

        Re: Java as a crutch

        FF doesn't run Javascript exploits? Thank God I can get rid of NoScript -- Everyday more of the www refuses to run unless it can first check that you have a 'supported' browser.

  2. Mike Bell

    Concerned users should probably put a decent strong password into their routers first and foremost. While good old Internet Explorer / Iframes have played their part here, a weakly protected router is an easy target for all manner of possible attacks. Most routers have an http login page, so they're just another regular resource to be used on the local network, and the IP address is going to be 192.168.0.1 most of the time, so it's not exactly hard to guess.

    The problem lies fair and square with the router manufacturer, though. They should not allow such easy access out of the box, and the great majority of consumers won't have a clue about the risk. They certainly won't be reading The Register and tampering with browser plugins as a safety measure.

    1. Ole Juul

      add a sticker

      The problem lies fair and square with the router manufacturer, though.

      I notice that my consumer routers have a unique serial number and MAC address on the bottom. Manufacturers could just as easily put a unique default password there as well. That wouldn't cause a lot of trouble for people and would cut down some percentage of hacks.

      1. Steve Graham

        Re: add a sticker

        That's exactly how it was on my recent Technicolor router from Plusnet. You even get a plastic card with the wifi and admin passwords (both "random" character strings).

        I still changed mine though.

        I also turned off remote network management.

      2. NogginTheNog

        Re: add a sticker

        The ISP supplied routers I've seen have done this for at least a couple of years.

        1. Anonymous Coward
          Mushroom

          Re: add a sticker

          Not the latest Comcast Xfinity router here. I looked the admin credentials up in their FAQ and the WPA2 default network connection password is the router's MAC address. It's not to be changed as the property owner (and cable bill-payer) has unilaterally decreed it so. I don't think I need to mention I have a MiFi connection for secure connections which defeats the whole purpose of providing the connection as part of the rent.

      3. TraceyC

        Re: add a sticker

        This is what AT&T does with their UVerse routers in the US. The sticker on the side has the IP, MAC, serial number, and default login credentials. The passwords are unique to each router and are strong (with alphanumerics, upper case, lower case, and special characters). This ought to be standard practice with all routers.

  3. Anonymous Coward
    Anonymous Coward

    192.167.1.1?

    Surely that's supposed to be 192.168.1.1, or the trojan is wasting its time.

  4. Cronus
    Trollface

    Apple on the brain much?

    Last I checked HTML had IFrames not iFrames. Methinks somebody has been writing about Apple products a tad too much lately.

    1. Fatman

      Re: Apple on the brain much?

      Methinks somebody has been writing about Apple products a tad too much lately.

      Or drank a gallon of cider lately!

      </snark>

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like