Can I hear a "whoops"?
21 posts
• Page 1 of 2 • 1, 2
by Chacal » Fri Apr 09, 2004 3:58 pm
Actually, this happened years ago on another Cisco product. The whole security community (such as it is) went ballistic, Cisco apologized, issued a patch, swore that it wouldn't happen again.
They will never learn... nor will other providers.
I know the hard-wired backdoor to the Norstar phone PBX, which is an industry standard, installed in millions of enterprises. If you have that phone system, I can do what I want with it, and you can't take the backdoor out. It doesn't matter much, because 90% of them still have the default admin password.
They will never learn... nor will other providers.
I know the hard-wired backdoor to the Norstar phone PBX, which is an industry standard, installed in millions of enterprises. If you have that phone system, I can do what I want with it, and you can't take the backdoor out. It doesn't matter much, because 90% of them still have the default admin password.
Chacal
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
- Xenius
by Xenius » Fri Apr 09, 2004 4:18 pm
Originally posted by MMmmGood
I dont know about you, but if you are an administrator that buys a device like that and just throws it out on the internet without looking for new firmware or configuring it, you DESERVE to be hacked.
Aye, first thing I did when I got my linksys router was change the password. I see so many un-encrypted WAPs, I just know they still have the default admin password.
by Chacal » Fri Apr 09, 2004 4:26 pm
Problem with hard-coded backdoors is, you can't change them.
Chacal
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
- MMmmGood
by MMmmGood » Fri Apr 09, 2004 4:32 pm
Originally posted by Xenius
Aye, first thing I did when I got my linksys router was change the password. I see so many un-encrypted WAPs, I just know they still have the default admin password.
It's funny that you mention Linksys routers.
About a week ago my internet was out for about 4 days. I got desperate and started roaming the neighborhoods wireless networks.
One of my neighbors has wireless enabled, broadcasts his SSID, doesnt require WEP or any sort of MAC filtering, and has the default password.
I was able to login to his router once I got a IP via DHCP and see his computer connected. His internet was out too
by Chacal » Fri Apr 09, 2004 6:58 pm
You war-driver, you.
Chacal
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
[SIZE="1"][color="LightBlue"]Reporter: "Mr Gandhi, what do you think of western civilization?"
Gandhi: "I think it would be a great idea."[/color][/SIZE]
- hightimber
-
- Posts: 1157
- Joined: Sun Dec 01, 2002 5:17 pm
- Location: Colorado Springs, CO
by hightimber » Fri Apr 09, 2004 7:36 pm
From a purely legal standpoint, is what you did against the law? If a person such as your neighbor leaves his network wide open, could he actually sue someone for logging into it without permission (even though he didn't protect himself)?Originally posted by MMmmGood
It's funny that you mention Linksys routers.
About a week ago my internet was out for about 4 days. I got desperate and started roaming the neighborhoods wireless networks.
One of my neighbors has wireless enabled, broadcasts his SSID, doesnt require WEP or any sort of MAC filtering, and has the default password.
I was able to login to his router once I got a IP via DHCP and see his computer connected. His internet was out too
This is pure curiousity, I'm not passing judgement or implying that what you attempted to was wrong. Is this not equivalent to leaving your house doors unlocked? Just because I don't lock my doors, doesn't make it legal for a stranger to enter my house.
These kinds of technicalities intrigue me.
by Tommy Boy » Fri Apr 09, 2004 7:38 pm
Originally posted by Xenius
Aye, first thing I did when I got my linksys router was change the password. I see so many un-encrypted WAPs, I just know they still have the default admin password.
how do I do this?
- hightimber
-
- Posts: 1157
- Joined: Sun Dec 01, 2002 5:17 pm
- Location: Colorado Springs, CO
by hightimber » Fri Apr 09, 2004 8:30 pm
Well let's say I know that MMmmGood hacked into my router and even though I had done nothing to prevent him from using the default login/password, is he breaking the law?Originally posted by Rand0m
Good point timber but can you sue someone who has already left the scene of the crime? Yes, but you have to find them first.
by -HaVoC- » Fri Apr 09, 2004 9:38 pm
Coming to a theater near u
"Good hacking the Hood"
Starring... well... Good
"Good hacking the Hood"
Starring... well... Good
-
"Now, if things look bad, and it looks like your not going to make it, then you've got to get mean, I mean plum mad dog mean, 'cause if you lose your head and give up then you neither live nor win, and that's just the way it is."
- The Outlaw Josey Wales -
put me on the team that Harry aint on....I sure miss shooting him and if im on the same team as HaVoC...OMFG we will stomp a mudhole in you and walk it dry.
- YaDad -
"Now, if things look bad, and it looks like your not going to make it, then you've got to get mean, I mean plum mad dog mean, 'cause if you lose your head and give up then you neither live nor win, and that's just the way it is."
- The Outlaw Josey Wales -
put me on the team that Harry aint on....I sure miss shooting him and if im on the same team as HaVoC...OMFG we will stomp a mudhole in you and walk it dry.
- YaDad -
by Tommy Boy » Fri Apr 09, 2004 9:49 pm
thsi stuff scares me and this is why I do not want to go wireless...I think that I will stay wired for now...at least until I understand the wireless better and can take appropriate precautions...
Apparently it is very easy to hit one of these hot spots and dial into someone else's wireless connection...as Good has proved I guess.
Apparently it is very easy to hit one of these hot spots and dial into someone else's wireless connection...as Good has proved I guess.
- hightimber
-
- Posts: 1157
- Joined: Sun Dec 01, 2002 5:17 pm
- Location: Colorado Springs, CO
by hightimber » Fri Apr 09, 2004 9:51 pm
Tommy, you can filter MAC addresses to only allow MACs that you specify into your network. There are those who say that MACs are easily spoofed but I'll take my chances that some guy's not going to park outside my house and spoof the correct MAC address.
21 posts
• Page 1 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 17 guests