Ask Leo!

Change Your Password - No, not that one...


You probably need to change a password, but not the one you think.


Transcript

This is Leo Notenboom for askleo.info.

News reports surfaced this week telling of a newly discovered vulnerability. Well, it's certainly not a new vulnerability, and whether or not it's really been "newly discovered" is arguable too. But it's definitely making the news.

As well it should.

So, let me ask you this: what's the password to your router? The password that you use to gain access to the router settings.

If you don't know, or you've never changed it, you're probably at risk.

Here's how the vulnerability works:

A virus, some spyware, or even some JavaScript from a malicious web site can try to connect, over your LAN, to the administration interface of your router. If you haven't changed that password, this malware can simply use the default password to log in. Once that happens, all bets are off. One scenario is that the router might be silently reconfigured to take you, without warning, to some phishing site when you might think you're going to a legitimate site like eBay, PayPal or your bank.

"This vulnerability masquerades as an internal user on your LAN ..."

Scary, right?

So how many of you Linksys owners have a password of "admin" on your router? That's the default password, and if that's the password to your router, you're at risk. If you have a different brand of router, the default is probably something else, but given the overwhelming popularity of brands such as Linksys, Cisco, Netgear, D-Link, and a handful of others, it's pretty easy for malware to just try them all until something works.

So, if you make only one security change today, change the password on your router. Remember to keep it in a safe place, of course, so you'll have it when you need it later.

Oh, and if you do forget the password later, almost all routers have a master reset sequence that will restore the router to its initial configuration, including that default password. A master reset is not something you can do remotely; it typically involves actually pushing a button on the router. You'll lose any configuration changes you've made, but at least you'll be able to get back in.

Routers are an incredibly important part of making sure your local network and the computers on it are safe from external threats. This vulnerability masquerades as an internal user on your LAN, so making sure that your router is configured securely with its own unique password is extra important.

And yep ... until this morning my router's password was "admin".

Not any more.

I'd love to hear what you think. Visit askleo.info and enter 11177 in the go to article number box and leave me a comment. While you're there, search over 1,000 technical questions and answers on the site.

Till next time, I'm Leo Notenboom, for askleo.info.

Article 11177 | Posted February 18, 2007

Recent Comments

Here is another explanation of the same problem.

http://michaelhorowitz2.blogspot.com/2007/03/home-routers-can-be-dangerous-very.html

And while on the subject of router configuration, I agree to use very long WPA passwords and to turn off remote admin. Let me also suggest turning off UPnP.

Posted by: Michael Horowitz at March 3, 2007 03:53 PM

Everyone should be using full 63 bits for the WPA PSA key. Also change the SSID and turn off broadcasting, and use MAC address filtering limited to the machines you use. For long PSA keys and SSIDs simply type out the info into Notepad and save the file somewhere on your PC where you can find it. Use ALL and/or ANY of the first 128 ASCII characters. Don't use words or names. You can easily load/reload the key and/or SSID to router, wireless device, etc. by simple copy and paste. Full security and nothing to remember.

Posted by: Chuck at March 5, 2007 08:55 AM

How can you change the password? The prompt screen for my Linksys WRT54G offers no apparent way to change from "ADMIN". Please tell me how to do this-- I must be overlooking something obvious.

Posted by: Jerry at March 6, 2007 08:36 AM

It varies some, but after I've logged into my LinkSys, across the top
there's a tab labeled "Password" right in between "Setup" and "Status".

Leo

Posted by: Leo Notenboom at March 6, 2007 08:47 AM

I have a dlink and I'm not sure what the password is or how I change it. Please help!!!

Posted by: Joe at March 7, 2007 10:32 AM

That should be documented in the manual that came with your router. If
you don't have that, then I'd look for support information or
documentation on the dlink site: http://www.dlink.com/

Leo

Posted by: Leo Notenboom at March 7, 2007 03:41 PM

I initially changed the admin password of my d-link router but I forgot it. Is there a way I can recover the password?

Posted by: Hilary at May 29, 2007 11:08 AM

OK, I changed my Linksys password and I forgot. How do I reset it?

Posted by: Wilson at July 13, 2007 08:20 PM

admin is the username and password is the default password on my LinkSys Router. I have changed the password but not the username. How do I do that?

Posted by: Louis at March 14, 2008 10:40 PM

Haha, I have a Mac and a Mac AirPort Extreme with a very long password and username.

Posted by: Jordan at March 19, 2008 07:41 PM
