|
Home »
Podcasts
» 2007 Podcasts
Listen to the podcast: Change Your Password
- No, not that one.... Transcript This is Leo Notenboom for askleo.info. News reports surfaced this week telling of a newly discovered vulnerability. Well, it's certainly not a new vulnerability, and whether or not it's really been "newly discovered" is arguable too. But it's definitely making the news. As well it should. So, let me ask you this: what's the password to your router? The password that you use to gain access to the router settings. If you don't know, or you've never changed it you're probably at risk. Here's how the vulnerability works: A virus, some spyware, or even some Javascript from a malicious web site can try to connect, over your LAN, to the administration interface of your router. If you haven't changed that password, this malware can simply use the default password to login. Once that happens, all bets are off. One scenario is that the router might be silently reconfigured to, without warning, take you to some phishing site when you might think you're going to a legitimate site like eBay, Paypal or your bank. "This vulnerability
masquerades as an internal user on your LAN ..."
Scary, right? So how many of you LinkSys owners have a password of "admin" on your router? That's the default password, and if that's the password to your router, you're at risk. If you have a different brand of router, the default is probably something else, but given the overwhelming popularity of brands such as LinkSys, Cisco, NetGear, DLink, and a handful of others, it's pretty easy for malware to just try them all until something works. So, if you make only one security change today, change the password on your router. Remember to keep it in a safe place, of course, so you'll have it when you need it later. Oh, and if you do forget the password later, almost all routers have a master reset sequence that will restore the router to its initial configuration, including that default password. Master reset not something you can do remotely; it typically involves actually pushing a button on the router. You'll lose any configuration changes you'll have made, but at least you'll be able to get back in. Routers are an incredibly important part making sure your local network and the computers on it are safe from external threats. This vulnerability masquerades as an internal user on your LAN, so making sure that your router is configured securely with it's own unique password is extra important. And yep ... until this morning my router's password was "admin". Not any more. I'd love to hear what you think. Visit askleo.info and enter 11177 in the go to article number box and leave me a comment. While you're there, search over 1,000 technical questions and answers on the site. Till next time, I'm Leo Notenboom, for askleo.info. Related:
FREE Newsletter The Ask Leo! Newsletter - FREE weekly updates by email with the latest answers, tips, tricks and fun information you won't find anywhere else.
Why Subscribe? • Recent Comments
Here is another explanation of the same problem. http://michaelhorowitz2.blogspot.com/2007/03/home-routers-can-be-dangerous-very.html And while on the subject of router configuration, I agree to use very long WPA passwords and to turn off remote admin. Let me also suggest turning off UPnP. Posted by: Michael Horowitz at March 3, 2007 03:53 PMEveryone should be using full 63 bits for the the WPA PSA key. Also change the SSID and turn off broadcasting, and use MAC address filtering limited to the machines you use. For long PSA keys and SSID's simply type out the info into Notepad and save the file somewhere on your PC where you can find it. Use ALL and/or ANY of the first 128 ASCII characters. Don't use words or names. You can easily load/reload the key and/or SSID to router, wireless device, etc. by simple copy and paste. Full security and nothing to remember. Posted by: Chuck at March 5, 2007 08:55 AMHow can you change the password? The prompt screen for my Linksys WRT54G offers no apparent way to change from "ADMIN". Please tell me how to do this-- I must be overlooking something obvious. Posted by: Jerry at March 6, 2007 08:36 AM-----BEGIN PGP SIGNED MESSAGE----- It varies some, but after I've logged into my LinkSys, across the top Leo iD8DBQFF7ZsiCMEe9B/8oqERAsvMAJ4r9sckMH53p5dyzFuwfqp9RxEMSQCfVki5 I have a dlink and im not sure what the password is or how i change it. Please help!!! Posted by: Joe at March 7, 2007 10:32 AM-----BEGIN PGP SIGNED MESSAGE----- That should be documented in the manual that came with your router. If Leo iD8DBQFF702ZCMEe9B/8oqERAt7UAJ9QSYKlT//GUTClkfo6eWWEQReUpgCbB3qG I initially changed the admin password of my d-link router but I forgot it. Is there way I can recover the password? Posted by: Hilary at May 29, 2007 11:08 AMOk i changed my Linksys Password and i forgot how do i reset it? Posted by: Wilson at July 13, 2007 08:20 PMadmin is the username and password is the default password on my LinkSys Router. I have changed the password but not the username. How do I do that? haha, I have a mac and a mac airport extreme with a very long password and username Posted by: Jordan at March 19, 2008 07:41 PMPost a comment on "Change Your Password - No, not that one...":
|
Archives Advertisers |
