If you have ever read this silly little blog, you know that I use profanity and sexual language a HOLE-FUCKING-LOT. (I know it's spelled wrong)
WE'RE FUCKED! Our Internet overlords who run our home networks fucked up and left a back door in your router, unintentionally. Please read this simple and to the point blog post by Stefan Veihbock.
Our government, Department of Homeland Security, and not some industry watchdog group has a nifty little office called CERT/CC, Computer Emergency Response Team Coordination Center. Apparently Mr. Veihbock reported this vulnerability (VU#723755) that he and Craig Heffner of Tactical Network Solutions independently discovered.
Here it is as I understand the situation. There is an "Easy Setup" button on your router called WPS, or WiFi Protected Setup. This is supposed to let you use a PIN that is usually hard-coded into most routers to setup your wireless devices in your house without losing too many hairs from your head. I haven't test what is does below the belt as of late. Anyway, it is accurate to say that there are now two published tools that let relative computer novices gain access to your router settings and, yes, your network. This is a freak out moment. I'll wait while you get in crash position.
BUT...
For once in my life I didn't cheap the fuck out and buy a crappy router. My upscale Netgear has an option in the firmware to disable and/or change the PIN. I had a feeling one day that extra $60 I spent on that router was going to be money well spent.
For you cheap ass brethren and sisters, until you get back on your feet from your stretched out and bouncy checking accounts after Christmas, turn off the radio in the router settings while you are not using the WiFi. If you are not confident enough to do that, turn off the router when you don't need the Internet and home network. Beware your Netflix and Hulu etc and Voice over IP (Vonage for example) all come through that little box as well.
From some of the reporting on this it seems that a hacker would have to be pretty persistent to take the time necessary to crack your PIN. Unless you are what Las Vegas calls a whale, it would hardly be worth it to a professional thief to choose your house to hit.
I am extremely concerned about homes with security and automation computer systems installed. Depending on the design of the system a hacker could in theory gain access to your cameras, telephones, lighting, shades, and door locks. His own smart phone could be used to reset security settings, unlock your front door, and walk right in. Even a prankster could just lock you out.
If you have one of these systems installed in your house, do not hesitate to call your installer or security service provider and have them check or replace the router. It may be wise to invest in a small computer to act as the router for your network.
This is an important story, so ask your radio and television station to spread the word. A little education can help mitigate the danger with this exploit.
I love you all, Happy New Year and stay safe and secure.
Your Average Idiot
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment