Can I hear a "whoops"?
Fri Apr 09, 2004 3:42 pm
Fri Apr 09, 2004 3:58 pm
Actually, this happened years ago on another Cisco product. The whole security community (such as it is) went ballistic, Cisco apologized, issued a patch, swore that it wouldn't happen again.
They will never learn... nor will other providers.
I know the hard-wired backdoor to the Norstar phone PBX, which is an industry standard, installed in millions of enterprises. If you have that phone system, I can do what I want with it, and you can't take the backdoor out. It doesn't matter much, because 90% of them still have the default admin password.
They will never learn... nor will other providers.
I know the hard-wired backdoor to the Norstar phone PBX, which is an industry standard, installed in millions of enterprises. If you have that phone system, I can do what I want with it, and you can't take the backdoor out. It doesn't matter much, because 90% of them still have the default admin password.
Fri Apr 09, 2004 4:05 pm
I dont know about you, but if you are an administrator that buys a device like that and just throws it out on the internet without looking for new firmware or configuring it, you DESERVE to be hacked.
Fri Apr 09, 2004 4:18 pm
Originally posted by MMmmGood
I dont know about you, but if you are an administrator that buys a device like that and just throws it out on the internet without looking for new firmware or configuring it, you DESERVE to be hacked.
Aye, first thing I did when I got my linksys router was change the password. I see so many un-encrypted WAPs, I just know they still have the default admin password.
Fri Apr 09, 2004 4:26 pm
Problem with hard-coded backdoors is, you can't change them.
Fri Apr 09, 2004 4:32 pm
Originally posted by Xenius
Aye, first thing I did when I got my linksys router was change the password. I see so many un-encrypted WAPs, I just know they still have the default admin password.
It's funny that you mention Linksys routers.
About a week ago my internet was out for about 4 days. I got desperate and started roaming the neighborhoods wireless networks.
One of my neighbors has wireless enabled, broadcasts his SSID, doesnt require WEP or any sort of MAC filtering, and has the default password.
I was able to login to his router once I got a IP via DHCP and see his computer connected. His internet was out too
Fri Apr 09, 2004 6:58 pm
You war-driver, you.
Fri Apr 09, 2004 7:36 pm
From a purely legal standpoint, is what you did against the law? If a person such as your neighbor leaves his network wide open, could he actually sue someone for logging into it without permission (even though he didn't protect himself)?Originally posted by MMmmGood
It's funny that you mention Linksys routers.
About a week ago my internet was out for about 4 days. I got desperate and started roaming the neighborhoods wireless networks.
One of my neighbors has wireless enabled, broadcasts his SSID, doesnt require WEP or any sort of MAC filtering, and has the default password.
I was able to login to his router once I got a IP via DHCP and see his computer connected. His internet was out too
This is pure curiousity, I'm not passing judgement or implying that what you attempted to was wrong. Is this not equivalent to leaving your house doors unlocked? Just because I don't lock my doors, doesn't make it legal for a stranger to enter my house.
These kinds of technicalities intrigue me.
Fri Apr 09, 2004 7:38 pm
Originally posted by Xenius
Aye, first thing I did when I got my linksys router was change the password. I see so many un-encrypted WAPs, I just know they still have the default admin password.
how do I do this?
Fri Apr 09, 2004 7:40 pm
Good point timber but can you sue someone who has already left the scene of the crime? Yes, but you have to find them first 
.
.
Fri Apr 09, 2004 8:30 pm
Well let's say I know that MMmmGood hacked into my router and even though I had done nothing to prevent him from using the default login/password, is he breaking the law?Originally posted by Rand0m
Good point timber but can you sue someone who has already left the scene of the crime? Yes, but you have to find them first
Fri Apr 09, 2004 9:38 pm
Coming to a theater near u
"Good hacking the Hood"
Starring... well... Good
"Good hacking the Hood"
Starring... well... Good
Fri Apr 09, 2004 9:49 pm
thsi stuff scares me and this is why I do not want to go wireless...I think that I will stay wired for now...at least until I understand the wireless better and can take appropriate precautions...
Apparently it is very easy to hit one of these hot spots and dial into someone else's wireless connection...as Good has proved I guess.
Apparently it is very easy to hit one of these hot spots and dial into someone else's wireless connection...as Good has proved I guess.
Fri Apr 09, 2004 9:51 pm
Tommy, you can filter MAC addresses to only allow MACs that you specify into your network. There are those who say that MACs are easily spoofed but I'll take my chances that some guy's not going to park outside my house and spoof the correct MAC address.
Fri Apr 09, 2004 9:55 pm
MAC does not mean Macintosh I guess?
What does it mean...obsiously I don't know my arse from a hole in the ground...
What does it mean...obsiously I don't know my arse from a hole in the ground...