Dangers of default "passwords"

[honvetops]

The Dangers of Default Passwords

Stroll through any neighborhood with an open laptop in hand and you will probably notice your machine automatically connecting to various wireless Internet routers that local residents have set up. If you are given a connection that allows you to surf the Web, chances are very good that you can also assume control over the same network that gave you the access.

In my experience, few people who operate wide-open wireless networks -- those unprotected by even the simplest encryption technology -- ever bother to change the default user name and password needed to reconfigure the router. Perhaps consumers who operate open networks aren't terribly worried about their neighbors "sniffing" the ambient wireless airwaves for passwords and other sensitive data. But it may be that a person running a router under the default factory settings has more to fear from a malicious Web site than a local interloper.

Researchers at Symantec Corp. have devised a series of "proof-of-concept" exploits that show how an Internet user running any one of several name-brand, $50 - $100 routers under the default factory settings could be in a world of trouble in a very short time, just by browsing to a malicious Web site. One of the easiest ways to commandeer a factory-set wireless router remotely is through the use of Javascript, a powerful Web programming language that makes it easy for Web sites to monkey with or otherwise manipulate a computer's settings.

For example, a nasty site could use Javascript to change the default settings on a router so that anytime the victim tries to visit a bank Web site he or she is silently redirected to a counterfeit site set up to steal online banking credentials (this is a type of phishing attack known as "pharming.") Or, the attackers could poke holes in the router's built-in firewall to allow certain types of traffic to slip through.   [highlight](link- to FULL article)   f..y..i.....[/highlight]   8-)

http://blog.washingtonpost.com/securityfix/2007/02/wifi_router_users_change_the_d.html?nav=rss_blog

[Calum]

Good post honvetops.
Even near me there are a lot of unsecured networks I could easily connect to, should I wish to do so.
I think that the responsibility for securing networks lies not only with the use, but with the manufacturer of the equipment too.
Many manufacturers do not provide a simple way to enable security, and some do not even mention how to set it up but leave you to figure it out on your own.
And equally, many users are not aware of the dangers of unsecured networks, and should read up on it at least a little before purchasing anything of the sort.

[honvetops]

Thanks, Calum *
I look forward to your replies everyday,  I learn *

[Calum]

Hehe.
Thanks.
It's nice to have interesting topics to reflect upon and discuss with everyone here, supplied by you.