Jump to content


Photo

Home routers under attack...


  • Please log in to reply
54 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 16 February 2007 - 06:42 AM

FYI...

- http://preview.tinyurl.com/2ubp3y
February 15, 2007 ~ "If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code... Once the router has been compromised, victims can be redirected to fraudulent Web sites, the researchers say. So instead of downloading legitimate Microsoft software updates, for example, they could be tricked into downloading malware. Instead of online banking, they could be giving up sensitive information to phishers..."

:eek:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 17 February 2007 - 05:41 AM

More on this...

- http://news.com.com/...g=st.util.print
Feb 16, 2007 ~ "...Router makers already know of the problems with default passwords as well as other security concerns, they said. Linksys, for example, recommends that customers change the default password during the installation procedure, said Karen Sohl, a representative for the company, a division of Cisco Systems. "We are aware of this," she said. On its Web site*, Linksys warns users that miscreants are taking advantage of the default passwords. "Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device's password so it will be hard to guess," the company states. Still, although Linksys' software recommends the password change, consumers can either plug in their router without running the installation disk or bypass the change screen, keeping the defaults. The company offers detailed information on how to change the router password on its Web site. Netgear and D-Link also recommend password changes.

Linksys:
* http://preview.tinyurl.com/2awst3

.

Edited by apluswebmaster, 17 February 2007 - 05:45 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 17 February 2007 - 03:08 PM

FYI...

http://www.us-cert.g....html#drvbphrmg
February 16, 2007 (re-verified 2008.04.17)
...The best defense against this type of attack is for home users to change their default password. The following links provide support resources for three of the more common home router vendors:

* D-Link - http://support.dlink...sp?prod_id=1997

* Linksys - http://linksys.custh...hp?p_faqid=3976

* NETGEAR - http://kbserver.netg...les/N100651.asp

...

.

Edited by apluswebmaster, 17 April 2008 - 03:25 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 21 February 2007 - 06:39 AM

FYI...

- http://preview.tinyurl.com/2pw3qg
February 20, 2007 ~ "...The attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers. In an advisory* posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature..."

* http://www.cisco.com...0215-http.shtml
Updated: Feb 15, 2007

> http://preview.tinyurl.com/yshqf

!

Edited by apluswebmaster, 21 February 2007 - 06:42 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 02 October 2007 - 05:54 PM

FYI...

Default Passwords: A Hacker's Dream
- http://www.informati...cleID=202101781
Sept. 26, 2007 - "...Moore said what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure. The biggest insecurity? Default passwords. "I'd say 85% of them were misconfigured routers. They had the default passwords on them," said Moore..."


:rolleyes:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 15 January 2008 - 08:56 AM

Ongoing focus...

Home routers 'vulnerable to remote take-over'
- http://www.channelre...ter_insecurity/
15 Jan 2008 - "...Design flaw in most home routers that allows attackers to remotely control the devices by luring an attached computer to a booby-trapped website. The weakness could allow attackers to redirect victims to fraudulent destinations that masquerade as trusted sites belonging to banks, ecommerce companies or health care organizations. The exploit works even if a user has changed the default password of the router. And it works regardless the operating system or browser the computer connected to the device is running, as long as it has a recent version of Adobe Flash installed... Routers made by Linksys, Dlink and SpeedTouch have been confirmed to be vulnerable, and other manufacturers' products are also likely susceptible to attack, the researchers said. Most routers have UPnP turned on by default. The only way to prevent the attack is to turn the feature off, something that is possible with some, but not all, devices..."

- http://www.us-cert.g..._router_exploit
January 14, 2008

- http://isc.sans.org/...ml?storyid=3848
Last Updated: 2008-01-15 16:55:01 UTC

:ph34r:

Edited by apluswebmaster, 22 January 2008 - 07:36 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#7 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 22 January 2008 - 12:03 PM

FYI...

Drive-by Pharming in the Wild
- http://preview.tinyurl.com/yqutaj
January 22, 2008 (Symantec Security Response Weblog) - "In a previous blog entry* posted almost a year ago, I talked about the concept of a drive-by pharming attack. With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email. The attacker’s malicious code could change the DNS server settings on the victim’s home broadband router (whether or not it’s a wireless router). From then on, all future DNS requests would be resolved by the attacker’s DNS server, which meant that the attacker effectively could control the victim’s Internet connection. At the time we described the attack concept, it was theoretical in the sense that we had not seen an example of it “in the wild.” That’s no longer the case... In one real-life variant that we observed, the attackers embedded the malicious code inside an -email- that claimed it had an e-card waiting for you at the Web site gusanito . com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site. Now, anyone who subsequently tried to go to this particular banking Web site (one of the largest banks in Mexico) using the same computer would be directed to the attacker’s site instead. Anyone who transacted with this rogue site would have their credentials stolen... I would still recommend changing the default router password to something that’s more difficult to guess. For many other router models, doing so will protect you... Also, in general I’d recommend that you reset the router anyway before changing your password. This step ensures that if you have become a victim already, you can start with a clean slate..."
* http://preview.tinyurl.com/2uqwug

> http://www.spywarein...howtopic=111421

- http://isc.sans.org/...ml?storyid=3881
Last Updated: 2008-01-24 02:11:21 UTC

:ph34r: :evilgrin:

Edited by apluswebmaster, 24 January 2008 - 07:49 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#8 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 09 March 2008 - 09:08 AM

FYI...

Defending your router, and your identity, with a password change
- http://www.cnet.com/...3.html?tag=more
March 8, 2008 - "...Every router, wired or wireless, has an internal website used to make configuration changes. Accessing this internal website requires a userid/password, something totally independent of any wireless network passwords... In brief, if your router is using the default password, your computer is vulnerable to an attack where the router is re-configured. Specifically, the dangerous configuration option is the DNS server... Malicious DNS servers can result in your visiting to a website, any website, and ending up at a phony version of the site run by bad guys. If the website is that of a bank or credit card company, and you enter a userid/password, you can kiss your identity, and money, good-bye..."

- http://www.apwg.org/
Released: 3 Mar 08 - APWG Releases Dec 2007 Phishing Trends Report
(From the report - pg. 8, "Phishing-based Trojans – Redirectors")
"...Along with phishing-based keyloggers we are seeing high increases in traffic redirectors. In particular the highest volume is in malicious code which simply modifies your DNS server settings or your hosts file to redirect either some specific DNS lookups or all DNS lookups to a fraudulent DNS server. The fraudulent server replies with “good” answers for most domains, however when they want to direct you to a fraudulent one, they simply modify their name server responses. This is particularly effective because the attackers can redirect any of the users requests at any time and the end-users have very little indication that this is happening as they could be typing in the address on their own..."

:ph34r:

Edited by apluswebmaster, 10 March 2008 - 06:51 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#9 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 17 March 2008 - 05:25 AM

FYI...

Example: http://ca.com/us/sec...px?id=453119651
Latest DAT Release 03 13 2008 - "This fake codec is actually a hijacker that will change your DNS settings whether you are aquire your IP settings through DHCP or set your IP information manually. This hijacker will attempt to re-route all your DNS queries through 85.255.x.29 or 85.255.x.121 (RBN).... rogue DNS servers..."

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#10 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 21 March 2008 - 11:06 AM

FYI...

Linksys WRT54G Security Bypass vuln - updates available
- http://secunia.com/advisories/29344/
Release Date: 2008-03-21
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch
OS: Linksys WRT54G Wireless-G Broadband Router
...The vulnerability is reported in firmware version 1.00.9. Other versions may also be affected.
Solution: Install updated firmware versions.
WRT54G v5/v6: Install version 1.02.5.
WRT54G v8: Install version 8.00.5.
WRT54G v8.2: Install version 8.2.05 ...
> http://nvd.nist.gov/...e=CVE-2008-1247
Last revised: 3/11/2008
CVSS v2 Base score: 10.0 (High)
"...allows -remote- attackers to perform arbitrary administrative actions.."

Linksys WRT54G » Downloads
- http://preview.tinyurl.com/2qykkj
WRT54G v5/v6: Install version 1.02.5. (3/03/2008)
WRT54G v8: Install version 8.00.5. (1/18/2008)
WRT54G v8.2: Install version 8.2.05 (1/18/2008) ...

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#11 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 21 March 2008 - 02:28 PM

FYI...

D-Link router based worm?
- http://isc.sans.org/...ml?storyid=4175
Last Updated: 2008-03-21 16:44:10 UTC - "...I suspect someone is using snmp to reconfigure the router to its default password or to read it's admin password and then accessing the D-Link via telnet to modify the routers configuration or firmware. The D-Link DWL-1000AP had an snmp based password confidentiality vulnerablity reported back in 2001... I doubt this attack includes changing the firmware of the router itself to become router based self propagating worm while possible it is more difficult then compromising one of the home systems. Given control of a device like this in the network it would be relatively simple to redirect consumer's traffic to a site. With client side exploits that would compromise any computer that was not fully patched..."

:ph34r:

Edited by apluswebmaster, 22 March 2008 - 02:38 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#12 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 08 April 2008 - 06:54 AM

FYI...

- http://www.techworld...amp;pagtype=all
08 April 2008 - "...The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS system to decide what parts of the network it can reach... On Tuesday, OpenDNS* will offer users of its free service a way to prevent this type of attack, and the company will also set up a website that will use Kaminsky's techniques to give users a way to change the passwords of vulnerable routers. The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said. Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves..."
* http://www.opendns.com/

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#13 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 09 April 2008 - 05:37 AM

FYI...

- http://preview.tinyurl.com/6yslx8
April 8, 2008 (Computerworld) - "... OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will also set up a Web site* ... to give users a means of changing the passwords of vulnerable routers..."
* http://www.fixmylinksys.com/

:!:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#14 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 10 April 2008 - 01:16 PM

FYI... 4.10.2008

- http://www.symantec....ponse/index.jsp
(Symantec ThreatCon / Environment / Network Activity Spotlight)
"The DeepSight Threat Analyst Team is monitoring TCP port 23 and UDP port 161. These ports have both been associated with recent reports of a new bot that is exploiting and installing itself on D-Link routers.
The bot is designed to attack only D-Link routers over port 23 (Telnet) and contains functionality to scan for TCP port 23, launch IRC clone floods, and launch DDoS attacks. The author of this malicious software is charging 200 US dollars for the software, making it likely that this malware and variants of this malware will become widespread."

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#15 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 11 April 2008 - 03:50 PM

FYI...

Home Wireless AP Hardening in 5 Steps
- http://isc.sans.org/...ml?storyid=4282
Last Updated: 2008-04-11 19:58:32 UTC - "... There are dangers in all consumer network hardware that require the attention of everyone that installs these devices regardless of the vendor. Taking a device out of the box, plugging it in and letting it go can expose you to "worms" or other remote-based exploitation. This stems from a similar problem with software and operating systems, namely, these things do not ship in a secure-by-default configuration.
Here are 5 easy steps to take when you get a network device / access point to harden yourself against "easy" exploitation (and this applies to ALL hardware):
1) Change the default passwords...
2) Disable remote administration...
3) Update the firmware...
4) Disable unused services...
5) Change the default settings of the device..."

(More detail at the Internet Storm Center URL above.)

:!:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#16 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 12 June 2008 - 12:43 AM

FYI...

- http://blog.washingt...s_wirele_1.html
June 11, 2008 - "...recent versions of the ubiquitous "Zlob" Trojan (also known as DNSChanger) will check to see if the victim uses a wireless or wired hardware router. If so, it tries to guess the password needed to administer the router by consulting a built-in list* of default router username/password combinations. If successful, the malware alters the victim's domain name system (DNS) records so that all future traffic passes through the attacker's network first. DNS can be thought of as the Internet's phone book, translating human-friendly names like example.com into numeric addresses that are easier for networking equipment to handle. While researchers have long warned that threats against hardware routers could one day be incorporated into malicious software, this appears to be the first time this behavior has been spotted in malware released into the wild. The type of functionality incorporated into this version of the Zlob Trojan is extremely concerning for a number of reasons. First, Zlob is among the most common type of Trojan downloaded onto Windows machines. According to Microsoft, the company's malicious software removal tool [MSRT] zapped some 14.3 million instances of Zlob-related malware from customer machines in the second half of 2007. The other, more important reason this shift is scary is that a Windows user with a machine infected with a Zlob/DNSChanger variant may succeed in cleaning the malware off an infected computer completely, but still leave the network compromised. Few regular PC users (or even PC technicians) think to look to the router settings, provided the customer's Internet connection is functioning fine... Specific, manufacturer-based video tutorials on how to secure your wireless router are available at this link**..."
* http://blog.washingt...ix/zlobpass.txt

** http://onguardonline...orials-wireless

- http://www.trustedso...ks-into-routers
June 13, 2008 - "...behavior is entirely controlled by the attackers’ DNS servers. These could even redirect existing domain names to servers hosting crafted content (Phishing) or servers dynamically modifying real content. Once your DNS settings are under control, the bad possibilities are nearly unlimited. And, even clean machines are affected once a previous infection on just one client behind the shared router successfully cracked the router login..."

:ph34r: :!:

Edited by apluswebmaster, 18 June 2008 - 06:20 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#17 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 07 August 2008 - 02:17 PM

FYI...

- http://blog.trendmic...-engine-market/
August 7, 2008 - "More than a year ago, Trend Micro threat researchers uncovered a network of over 900 rogue DNS (Domain Name System) servers related to the ZLOB Trojan family. We gave examples showing that these rogue DNS servers are part of click fraud and leakage of personal information. Just recently, however, we discovered that this network is now targeting four of the most popular search engines. In a large scale click fraud scheme, the ZLOB gang appears to hijack search results and to replace sponsored links with DNS “tricks”... These ZLOB Trojans we found, silently change the local DNS settings of affected systems to use two out of the abovementioned 900+ rogue DNS servers. These Trojans spread by advanced social engineering tricks; an example would be professional-looking Web sites that promise Internet users access to pornographic movies after installing malware that pose as video codecs. The number of ZLOB-related infections is huge — for the last six months of 2007, Microsoft reported more than 14,000,000 infections. It now appears that the ZLOB gang has entered the multibillion-dollar search engine market. ZLOB’s rogue DNS servers resolve several domain names of the main engines to fraudulent IP addresses. Among others, this criminal operation has even set up rogue sites of the UK and Canadian versions of one of the largest search engines. Even searches performed via the installed browser toolbar (provided by the same company) are now being hijacked by ZLOB. Another popular search engine company has been hit even harder — most, if not all, domain names of the search engine that give back search results get resolved to fraudulent Web sites by the rogue DNS servers. The primary objective of ZLOB here appears to be stealing traffic and clicks from search engines, making money along the way. Affected users are immediately redirected to sites that are not at all related to their original search queries. All sponsored search hits of the two main search engines we analyzed were hijacked by ZLOB. Clicks on sponsored links then are not credited to big search engine companies, but to the ZLOB gang instead..."

//

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#18 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 05 September 2008 - 08:59 AM

FYI...

- http://www.viruslist...pubid=204792017
Sep 01 2008 - "... most widespread malicious programs... This table shows the malicious programs detected on users’ computers...
1. Trojan.Win32.DNSChanger.ech ..."


'Still around (i.e.):
- http://www.grisoft.c...download-update
IAVI: / 1655 - Added detection of new variant of Win32/Virut, Worm/Brontok,
new variants of trojans DNSChanger, Dropper.Bravix, Downloader.Tiny.
September 5, 2008

:eek:

Edited by apluswebmaster, 06 September 2008 - 08:49 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#19 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 17 September 2008 - 06:25 AM

FYI...

- http://preview.tinyurl.com/5cg8nh
September 15, 2008 - "...Instead of scouring for anonymous proxies to stay faceless on the internet, cyber criminals are increasingly targeting unsecured Wi-FI networks to get the job done. A combination of war driving tools such as NetStumbler along with a listing of default router usernames and passwords* is all it takes to freely connect to unsecured Wi-FI networks. Especially since most Wi-Fi routers use default security settings that come pre-installed by the vendor rather than it having being configured by the end user. SOHO routers log every connection and DHCP lease but these logs are flushed once the router is rebooted. If an attacker has access to the administrative console of the router (thanks to the default password), once their nefarious actives have been carried out, a simple restart of the router will erase all tracks. The extent to which an unsecured Wi-Fi connection can be abused is purely left to imagination of the attacker..."
* http://www.routerpasswords.com/

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#20 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 28 September 2008 - 12:11 PM

FYI...

- http://voices.washin...wireless_a.html
September 26, 2008 - "...Why is changing the default settings on wireless access point a big deal? Because there are plenty of Web sites that list the default user names and passwords built into every brand of router out there... For instance, if I were looking for an exposed wireless network, I'd probably start by searching the local zip code for the default SSID assigned to many popular routers. After all, these would most likely be the networks powered by users who yanked their shiny new routers straight out of the box and plugged them right into the user's modem without modifying a thing..."
* http://wigle.net/gps.../main/ssidstats

:techsupport:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#21 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 05 December 2008 - 11:18 AM

FYI...

How to Protect Your Wi-Fi Network from the WPA Hack
- http://lifehacker.co...om-the-wpa-hack
Nov 7 2008 - "... a PhD candidate studying encryption has found an exploit in the WPA standard that would allow a hacker to "send bogus data to an unsuspecting WiFi client," completely compromising your Wi-Fi security and opening your network to all sorts of hacking. Lucky for you, it's not terribly difficult to protect yourself against the new exploit.
The key: Just log into your router, switch off Temporal Key Integrity Protocol (TKIP) as an encryption mode, and use Advanced Encryption System (AES) only. TKIP is the only protocol that the hack applies to, so switching to AES-only will ensure that your Wi-Fi network is safe again. It's quick and easy, so do yourself a favor and make the adjustment now so you don't run into any problems in the future."

- http://web.nvd.nist....d=CVE-2008-5230
Last revised: 12/03/2008

- http://www.cisco.com...6.html#response
"... the use of WPA2 with AES is recommended whenever possible..."

:!:

Edited by AplusWebMaster, 16 October 2010 - 01:54 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#22 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 24 March 2009 - 07:08 AM

FYI...

Router-based botnet...

- http://isc.sans.org/...ml?storyid=6061
Last Updated: 2009-03-24 13:13:59 UTC - "...document (pdf - dated January 11th, 2009) by Terry Baume* goes into detail about how a specific brand of DSL Modem (Netcomm NB5) can be compromised with malicious code that turns the device into a IRC based Bot - named PSYB0T 2.5L. While discovered several months ago, some recent entries on the DroneBL blog that (among further detail into "PSYB0T") state "We came across this botnet as part of an investigation into the DDoS attacks against DroneBL's infrastructure...". It certainly appears that PSYB0T may be alive and kicking! Some further insight into the possibility that this Bot is still evolving (Now Version 2.9L, 3 months later) has been presented on the TeamFurry blog**..."
* http://www.adam.com.au/bogaurd/
** http://www.teamfurry...ps-cpu-devices/

- http://www.dronebl.org/blog/8
"You are only vulnerable if:
• Your device is a mipsel device.
• Your device has telnet, SSH or web-based interfaces available to the WAN
• Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.
As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise)... Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria is not met, then the device is NOT vulnerable.

How can I tell if I have been infected?
Ports 22, 23 and 80 are blocked as part of the infection process (but NOT as part of the rootkit itself, running the rootkit itself will not alter your iptables configuration). If these ports are blocked, you should perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected...
Mar-24-2009 ...botnet itself is still active..."

- http://www.theregist...etworking_worm/
24 March 2009

- http://www.eset.com/...ter/blog/?p=810
March 23, 2009 - "...targets routers and DSL modems..."

:grrr: :ph34r:

Edited by apluswebmaster, 24 March 2009 - 09:23 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#23 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 22 July 2009 - 07:15 PM

FYI...

DD-WRT vuln...
- http://isc.sans.org/...ml?storyid=6853
Last Updated: 2009-07-22 20:43:54 UTC - "... new vulnerability in DD-WRT that was being reported in the Register at:
http://www.theregist...rt_router_vuln/ .
DD-WRT runs on routers by Linksys, D-Link Buffalo, ASUS and well as other routers. The complete list can be found at:
http://www.dd-wrt.co...pported_Devices
This vulnerability will allow an attacker to run programs with root priviledges on a vulnerable router. More information can be found on the DD-WRT Forum at:
http://www.dd-wrt.co...p...asc&start=0 "

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#24 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 23 November 2009 - 02:35 PM

FYI...

2wire Gateway router/modem - update available
- http://web.nvd.nist....d=CVE-2009-3962
Last revised: 11/18/2009 - "The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot)...
CVSS v2 Base Score: 7.8 (HIGH) ...

- http://webvuln.com/a....of.service.txt
Solution Status: Vendor issued firmware patches; Providers are in charge of applying the patches...
WORKAROUND: Disable Remote Management in Firewall -> Advanced Settings...

- http://www.us-cert.g...9-327.html#high
November 23, 2009

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#25 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 02 March 2010 - 08:04 AM

FYI...

DSL modem-router botnet...
- http://blog.trendmic...f-chuck-norris/
Mar. 1, 2010 - "... Dubbed the “Chuck Norris botnet,” based on the Italian comment in its source code, in nome di Chuck Norris (translation: “in the name of Chuck Norris”), this botnet infects vulnerable DSL modems and routers to spread a worm Trend Micro detects as WORM_IRCBOT.ABJ. This worm tries to gain access to a target router by guessing the router’s configuration password using brute force. It may also spread via shared networks by exploiting a known Microsoft vulnerability, MS03-039 Buffer Overrun in RPCSS Service. The worm’s routines make users who are connected to the same network or router at risk of being infected. This worm also has backdoor capabilities that allows attackers to execute remote command on affected systems, which include downloading and executing other malware and launching denial-of-service (DOS) attacks against other systems. Ultimately, its main goal is still to gain profit from unknowing users by stealing personally identifiable information (PII) and credentials to access certain websites, particularly online banking sites. Its infection routine via router may be unusual for most bots of its kind, which usually infects computers. But it is not the first time that bots have used modems and routers as a propagation platform. Trend Micro has, in fact, reported such attacks in the past in relation to other threat families such as ZLOB, RBOT, and QHOST..."

:grrr: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#26 james_locksmith

james_locksmith

    Member

  • New Member
  • Pip
  • 1 posts

Posted 07 May 2010 - 09:20 AM

Thanks for sharing interesting info. i have found similar posts in other forums as well

#27 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 14 October 2010 - 07:17 AM

FYI...

Wi-Fi hacked in seconds ...
- http://blog.cpp.co.u...networks-safely
14 Oct 2010 - "... Using only a laptop and widely available software, our ethical hacker demonstrated how vulnerable we are to Wi-jacking because of non-existent or inadequate online security. Having gained access to your personal details hackers can ‘cloak’ criminal activities such as purchasing illegal pornography or selling on stolen goods. It also allows them to view your private transactions over the network, accessing passwords and usernames which can then be used to impersonate you and commit identity fraud and other illegal activity in your name.
Key findings from the report:
• We found that nearly a quarter of private wireless networks have no password whatsoever attached, making them immediately accessible to criminals
• Hackers were able to ‘harvest’ usernames and passwords from unsuspecting people using public networks at a rate of more than 350 an hour, sitting in town-centre coffee shops and restaurants.
• More than 200 people unsuspectingly logged onto a fake Wi-Fi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.
Steps and ways to protect yourself..."
(More detail at the URL above.)

> http://www.cpp.co.uk...open-to-attack/

- http://news.cnet.com...021188-245.html
November 1, 2010 - "Chances are you don't leave your front door unlocked. And you shouldn't leave your Wi-Fi network unsecured either. Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here's why. With a $50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 02 November 2010 - 05:40 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#28 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 25 April 2011 - 04:04 AM

FYI...

Wardrivers hit SMBs...
- https://www.computer...mall_businesses
April 22, 2011 - "Seattle police are investigating a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses. The group has been at it for about five years, according to an affidavit signed by Detective Chris Hansen, a fraud investigator with the Seattle Police Department... looking for companies using an unsecure Wi-Fi standard called Wired Equivalent Privacy (WEP). WEP has well-documented security flaws and has been considered for years to be unsecure, but was widely used in routers built between about 2000 and 2005. Many consumers and small businesses still use it... Wardrivers typically use long-range antennas connected to laptops to compile lists and locations of wireless networks, driving from street to street and logging the Wi-Fi activity that they find... In its annual Data Breach Investigations Report earlier this week, Verizon said criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies... The gang is thought to have stolen more than $750,000 worth of items, according to the Seattle Post Intelligencer*, which first reported the story."
* http://www.seattlepi...ted-1344185.php

:ph34r: :scratchhead:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#29 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 29 December 2011 - 07:12 PM

FYI...

Tools bypass Wireless router security...
- https://krebsonsecur...outer-security/
December 29, 2011 - "... At issue is a technology called “Wi-Fi Protected Setup” (WPS) that ships with many routers marketed to consumers and small businesses... Setting up a home wireless network to use encryption traditionally involved navigating a confusing array of Web-based menus, selecting from a jumble of geeky-sounding and ill-explained encryption options (WEP, WPA, WPA2, TKIP, AES), and then repeating many of those procedures on the various wireless devices the user wants to connect to the network. To make matters worse, many wireless routers come with little or no instructions on how to set up encryption. Enter WPS. Wireless routers with WPS built-in ship with a personal identification number (PIN – usually 8 digits) printed on them. Using WPS, the user can enable strong encryption for the wireless network simply by pushing a button on the router and then entering the PIN in a network setup wizard designed to interact with the router. But according to new research, routers with WPS are vulnerable to a very basic hacking technique: The brute-force attack. Put simply, an attacker can simply try thousands of combinations in rapid succession until he happens on the correct 8-digit PIN that allows authentication to the device... if your router has a “WPS PIN” notation on its backside, then it shipped with this WPS feature built-in."
> http://www.kb.cert.org/vuls/id/723755
Last Updated: 2011-12-27 - "... Workarounds: Disable WPS... best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network."
___

- https://isc.sans.edu...l?storyid=12292
Last Updated: 2011-12-30 03:19:11 UTC - "... Disable WPS..."
___

• Linksys WPA2 setup: http://www6.nohold.n...onverted=0#WPA2
• D-Link WPA2 setup: http://support.dlink...sp?prod_id=1506
• Netgear WPA2 setup: http://kb.netgear.co...detail/a_id/112
• Belkin WPA2 setup: http://en-us-support...WQvM01qSjhSTWs=

:!: :ph34r:

Edited by AplusWebMaster, 31 December 2011 - 09:32 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#30 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 07 January 2012 - 07:59 PM

FYI...

WPS vulnerable to Brute-Force Attack
- https://www.us-cert..../TA12-006A.html
January 06, 2012 - "... Solution: Update Firmware: Check your access point vendor's support website for updated firmware that addresses this vulnerability. Further information -may- be available in the Vendor Information section of VU#723755* and in a Google spreadsheet called WPS Vulnerability Testing**.
Disable WPS: Depending on the access point, it may be possible to disable WPS. Note that some access points may -not- actually disable WPS when the web management interface indicates that WPS is disabled..."

* http://www.kb.cert.o.../723755#vendors

** https://docs.google....NSSHZEN3c#gid=0
___

Cisco WPS vuln Response
- http://tools.cisco.c...onalInformation
2012-January-18 - Rev 2.0 - Updated information for the WRP400.

:blink: :ph34r:

Edited by AplusWebMaster, 19 January 2012 - 05:50 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#31 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 28 January 2012 - 07:03 AM

FYI...

- http://tools.cisco.c...ecurityResponse

Cisco WPS vuln - status updated ...
- http://tools.cisco.c...sr-20120111-wps
2012-January-27 - Revision 3.0... Updated the Cisco UC320W WPS Disable status to Yes due to release of DisableWPS.pmf**. Added Cable and DSL access products currently under investigation. Added a link to Linksys product documentation*...

WPS vulnerability status update for Linksys devices
* http://www6.nohold.n...articleid=25154
"... Cisco will be releasing firmware that allows customers to disable Wi-Fi Protected Setup to eliminate exposure to this issue... table lists affected products and will be updated with dates and firmware version numbers that include the ability to disable WPS..."

** https://supportforum.../docs/DOC-16301
Last Modified: Jan 26, 2012 - Rev. 10
___

- http://www.kb.cert.o.../723755#vendors
Last Updated: 2012-01-28

:ph34r:

Edited by AplusWebMaster, 29 January 2012 - 07:59 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#32 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 16 May 2012 - 01:41 PM

FYI...

WPS PIN brute force vulnerability
- http://www.kb.cert.o.../723755#vendors
Last revised: 10 May 2012
Overview: The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible...
Impact: An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service...
Please consider the following workarounds:
> Disable WPS
Within the wireless router's configuration menu, disable the external registrar feature of WiFi Protected Setup (WPS). Depending on the vendor, this may be labeled as external registrar, router PIN, or WiFi Protected Setup...
References:
- http://sviehb.wordpr...-vulnerability/
- http://en.wikipedia....Protected_Setup
- http://download.micr...WCN-Netspec.doc
- http://www.wi-fi.org...rotected-setup/
- https://docs.google....dFpEUDNSSHZEN3c
- http://en-us-support...s-on-the-router

:ph34r: :!:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#33 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 01 October 2012 - 02:11 PM

FYI...

DSL modem hack used to infect millions - banking fraud malware
- http://arstechnica.c...s-with-malware/
Oct 1, 2012 - "Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials... The attack... infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log into and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites. "This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems," Assolini wrote... "This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months"... The vulnerability is even more alarming since the list of affected manufacturers and models is still unknown. Users who want to protect themselves should make sure their modems are using the latest available firmware, although based on what we know now, there's no guarantee the latest release has been patched against the exploited CSRF flaw."

:grrr: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#34 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 21 January 2013 - 09:43 AM

FYI...

Linksys WRT54GL firmware vuln
- https://secunia.com/advisories/51809/
Release Date: 2013-01-21
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Operating System: Linksys WRT54GL 4.x
Solution: Update to firmware version 4.30.16.
Original Advisory: Linksys:
http://homedownloads...easeNotes,0.txt
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#35 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 07 February 2013 - 11:07 AM

FYI...

D-Link DIR-300 / 600 routers vuln
- https://threatpost.c...bilities-020713
Feb 7, 2013 - "... vulnerabilities in D-Link’s DIR-300 and DIR-600 routers could allow an attacker to inject arbitrary shell commands and ultimately compromise the device... Messner first discovered the vulnerabilities at the tail end of 2012 and forwarded them to D-Link who insisted the issue was relegated to browsers and that the company would not publish a fix. Messner elected to provide more information to D-Link more than a week and a half ago, on January 25. Having still not heard back yet, Messner saw fit to publicly releasing the attack details earlier this week. A post by The H-Security* claims that all current D-Link firmware versions (Version 2.13, released November 7, 2012 and Version 2.14b01, released January 22, 2013) are affected by the flaw and suggests – at least until D-Link issues a fix – to “decommission the affected browsers.” D-Link did not respond to e-mail requests for comment..."

* http://h-online.com/-1798804
6 Feb 2013

- http://atlas.arbor.n...dex#-1154464955
Feb 07, 2013
Analysis: "Many home offices and small offices use broadband connections with devices like the D-Link routers. Such environments don't often have security savvy people on staff, and the compromise of such devices can lead to all sorts of issues such as attackers planting malicious DNS servers in the device configuration that affect every system on the LAN using DHCP to receive DNS settings. In addition, an attacker could use such a vulnerability to penetrate deeper into an enterprise network by compromising a machine on the LAN and backdooring it."

- http://h-online.com/-1800471
8 Feb 2013

- https://secunia.com/advisories/52080/
Release Date: 2013-02-08
Criticality level: Moderately critical
Impact: Exposure of system information, System access
Where: From local network
... weakness, security issues, and vulnerability are reported in the following products:
* D-Link DIR-300 version 2.12 and 2.13.
* D-Link DIR-600 version 2.12b02, 2.13b01, and 2.14b01.
Solution: No official solution is currently available.

:(  :ph34r:


Edited by AplusWebMaster, 08 February 2013 - 10:42 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#36 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 01 March 2013 - 06:03 AM

FYI...

D-Link DIR-645 - Firmware v1.03 update-fix
- https://secunia.com/advisories/52432/
Release Date: 2013-03-01
... security issue is reported in version to 1.02. Other versions may also be affected.
Solution: Reportedly fixed in version 1.03.
Original Advisory: http://archives.neoh...13-02/0151.html
"... D-Link has released an updated firmware version (1.03) that addresses this issue..."

> http://www.dlink.com...ome-router-1000
Latest Firmware - Version v1.03
 

:ph34r:


Edited by AplusWebMaster, 01 March 2013 - 06:05 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#37 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 19 March 2013 - 09:17 AM

FYI...

Actiontec router MI424WR-GEN3I CSRF vuln ...
- http://www.kb.cert.org/vuls/id/278204
18 Mar 2013 - "Overview: The Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks.
Solution We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Restrict Access: Verify the router's web interface is not Internet accessible. As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing the router web interface using stolen credentials from a blocked network location.
Do Not Stay Logged Into the Router's Management Interface: Always log out of the router's management interface when done using it..."
> http://www.kb.cert.o.../id/BLUU-94HPZA

>> http://www.actiontec...uct.php?pid=189
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#38 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 10 April 2013 - 04:20 AM

FYI...

Linksys EA2700 firmware - update
- http://arstechnica.c...emote-takeover/
Apr 9, 2013 - "... The most severe of the vulnerabilities in the "classic firmware" for the Linksys EA2700 Network Manager is a cross-site request forgery weakness in the browser-based administration panel... A statement issued by officials from Belkin, which recently acquired the Linksys brand, said the vulnerabilities documented by Purviance had been fixed in the Linksys Smart Wi-Fi Firmware that was released in June... link for the Linksys Smart Wi-Fi Firmware:
- http://support.links.../routers/EA2700
EA Series Linksys Smart Wi-Fi Firmware
11/19/2012
Ver.1.1.39.145204
- http://downloads.lin...te_11192012.txt
 

:ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#39 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 16 July 2013 - 11:39 AM

FYI...

ASUS routers - critical updates...
- http://h-online.com/-1918469
16 July 2013 - "... updates are available from the company's support page* for the two router models RT-AC66U and RT-N66U. The company says that it will offer fixes for the other affected models "soon". In the meantime, ASUS recommends turning -off- all AiCloud functions like Cloud Disk, Smart Access and Smart Sync."
* http://www.asus.com/support/
 

:ph34r: :(


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#40 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 15 October 2013 - 06:51 AM

FYI...

D-Link routers back door vuln...
- http://www.theinquir...ts-wifi-routers
Oct 15 2013 - "... D-Link has hurriedly prepared a patch for WiFi routers that are affected by a recent security alert... In a statement on its website*, D-Link acknowledged the problem and said that it is "proactively working with the sources of these reports". In the meantime, the company has posted an interim firmware update to address the problem... a full fix will be with us by the end of October."
* http://www.dlink.com...upport/security
"... Disable remote access to your router if it is not required (this is disabled by default)... These firmware updates address the security vulnerabilities in affected D-Link routers. D-Link will update this continually and we strongly recommend all users to install the relevant updates..."

- https://isc.sans.edu...l?storyid=16802
Last Updated: 2013-10-14 19:58:28 UTC - "...  old d-link routers which allows the attacker to gain admin privileges in the router. The following models are affected:
    DIR-100
    DI-524
    DI-524UP
    DI-604S
    DI-604UP
    DI-604+
    TM-G5240
    DIR-615 ...
... check this page* to look for information on how to access the admin tool to change the password..."
* http://support.dlink...tools_admin.htm
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 15 October 2013 - 07:11 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#41 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 02 December 2013 - 04:38 AM

FYI...

D-Link routers - Security Update...
- http://krebsonsecuri...d-link-routers/
Dec 2, 2013 - "... Although the router models affected are fairly old, there are almost certainly plenty of these still in operation, as routers tend to be set-it-and-forget-it devices that rarely get replaced or updated unless they stop working... On Nov. 28, D-Link released a series of updates to fix the problem*..."
* http://www.dlink.com...upport/security
Update on Router Security issue
___

D-Link routers authenticate administrative access using specific User-Agent string
- http://securityadvis...x?name=SAP10001
Last updated: Dec 3, 2013
Rev 9

- https://web.nvd.nist...d=CVE-2013-6026 - 10.0 (HIGH)
"... as exploited in the wild in October 2013."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 03 December 2013 - 05:05 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#42 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 03 January 2014 - 07:23 AM

FYI...

Linksys router backdoor grants Admin access to Remote Users
- http://www.securityt....com/id/1029551
Jan 3 2014
Impact: User access via network
Version(s): Models WAG200G, WAG320N, WAG54G2, WAG120N, WAP4410N; possibly other models
Description: A vulnerability was reported in several Linksys Routers. A remote user can gain administrative access. A remote user can send specially crafted data to TCP port 32764 to execute commands on the target system with administrative privileges.
The following devices are affected:
Linksys WAG200G
Linksys WAG320N
Linksys WAG54G2
Linksys WAG120N
Linksys WAP4410N
Other Linksys models may be affected.
Routers from other companies may also be affected.
The original advisory is available at:
- https://github.com/elvanderb/TCP-32764
Solution: No solution was available at the time of this entry...

- https://isc.sans.edu...l?storyid=17336
Last Updated: 2014-01-02 22:13:53 UTC

- https://www.grc.com/x/portprobe=32764

- http://atlas.arbor.n...dex#-1412990358
Elevated Severity
16 Jan 2014
An undocumented backdoor in approximately twenty-five types of Cisco Small Business routers has been discovered.
Source: http://www.tripwire....ented-backdoor/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 16 January 2014 - 09:44 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#43 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 13 February 2014 - 12:42 PM

FYI...

Linksys home routers targeted and compromised in active campaign
- https://net-security...ews.php?id=2707
Feb 13, 2014 - "... undetermined vulnerability affecting certain Linksys WiFi routers is being actively and massively exploited in the wild to infect the devices with a worm dubbed "TheMoon"* ... investigation started after they were notified by a Wyoming-based ISP that some of its customers have had their Linksys routers and home networks -compromised- in the last few days. "The routers, once compromised, scan port 80 and 8080 as fast as they can (saturating bandwidth available)"... it seems that the exploit doesn't work against Linksys' E1200 routers with the latest firmware, but E1000 routers are -vulnerable- even if they have the latest firmware. The worm also attempts to download a "second stage" binary, which includes a set of hard-coded netblocks (probably blocks it scans) and likely instructions for contacting C&C servers. Other files are also ultimately downloaded... Much is yet unknown about the situation, and while the researchers are delving into it, it might be a good idea to update your router's firmware and, if you know how, to switch -off- its remote administration..."
* https://isc.sans.edu...0 Routers/17621

** https://isc.sans.edu... Captured/17630

Upgrading the Linksys router’s firmware ...
- http://kb.linksys.co...&articleid=4030

- http://support.links...t/routers/E1200

- http://support.links...t/routers/E1000
___

What we know so far...
- http://isc.sans.edu/...l?storyid=17633
Last Updated: 2014-02-13 18:37:18 UTC - "... At this point, we are aware of a worm that is spreading among various models of Linksys routers. We do not have a definite list of routers that are vulnerable, but the following routers -may- be vulnerable depending on firmware version: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. The worm will connect first to port 8080, and if necessary using SSL, to request the "/HNAP1/" URL. This will return an XML formatted list of router features and firmware versions. The worm appears to extract the router hardware version and the firmware revision... The worm will connect first to port 8080, and if necessary using SSL, to request the "/HNAP1/" URL. This will return an XML formatted list of router features and firmware versions. The worm appears to extract the router hardware version and the firmware revision... the worm will send an exploit to a vulnerable CGI script running on these routers. The request does not require authentication. The worm sends random "admin" credentials but they are not checked by the script. Linksys (Belkin) is aware of this vulnerability. This second request will launch a simple shell script, that will request the actual worm. The worm is about 2MB in size, samples that we captured so far appear pretty much identical but for a random trailer at the end of the binary... We do not know for sure if there is a command and control channel yet. But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm. We call this a "worm" at this point, as all it appears to do is spread. This may be a "bot" if there is a functional command and control channel present..."
(More detail at the ISC URL above.)
___

- https://net-security...ews.php?id=2711
Feb 18, 2014 - "... Administrators and users are advised to -Disable- Remote Administration of their device, which protects them from the attack."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 18 February 2014 - 08:33 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#44 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 18 February 2014 - 07:28 AM

FYI...

Linksys EA2700, EA3500, E4200, EA4500 Authentication Bypass ...
- http://www.securityt....com/id/1029769
CVE Reference: https://cve.mitre.or...e=CVE-2013-5122
Feb 17 2014
Impact: User access via network
Version(s): EA2700, EA3500, E4200, EA4500
Description: A vulnerability was reported in some Linksys Routers. A remote user can gain administrative access to the target system...
On some systems, TCP port 443 may also be open.
The vendor was notified in July 2013...
Impact: A remote user can gain administrative access on the target system.
Solution: No solution was available at the time of this entry...
___

- https://secunia.com/advisories/56994/
Release Date: 2014-02-24
Criticality: Highly Critical
Where: From local network
Impact: Security Bypass...
Operating System: Linksys E4200, EA2700, EA3500, EA4500
... vulnerability is currently actively exploited in the wild.
... exploited to gain access to otherwise restricted functionality via TCP port 8083.
Solution: No official solution is currently available.
... Reported as a 0-Day...

- https://www.grc.com/x/portprobe=8083

- https://www.grc.com/x/portprobe=443

- http://support.links.../routers/EA2700
 

:ph34r:


Edited by AplusWebMaster, 24 February 2014 - 11:42 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#45 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 04 March 2014 - 06:02 AM

FYI...

300,000+ wireless routers hijacked by criminals in global attack
- http://www.welivesec...-global-attack/
4 Mar 2014 - "More than 300,000 wireless routers worldwide are under the control of an unknown group of cybercriminals, who have made malicious changes to the devices’ settings, allowing the attackers to misdirect computers to websites of their choice. Ars Technica reports* that the attack, which began in January 2014, affects multiple brands of router, including devices from D-Link, Micronet, Tenda among others. Routers around the world are affected, with many victims in Vietnam, but other affected in Thailand, Colombia and Italy. Team Cymru, the specialist security company which identified the attack said that the mass  attack was the “latest in a growing trend” of cybercriminals targeting SOHO (small office/home office) routers as a way to target victims without compromising PCs directly..."
* http://arstechnica.c...icious-changes/
"... The telltale sign a router has been compromised is DNS settings that have been changed to 5.45.75.11 and 5.45.76.36..."
** https://www.team-cym...ng&pk_kwd=Media
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#46 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 06 March 2014 - 07:46 PM

___

Chameleon WiFi Virus spreads ...
- http://blog.malwareb...ds-like-a-cold/
Mar 6, 2014 - "A team of researchers at the University of Liverpool developed a virus dubbed Chameleon that travels over WiFi networks and spreads “as efficiently as the common cold spreads between humans.” Unlike most viruses, Chameleon doesn’t go after computers or internet resources, but focuses on access points (APs), or where you connect to the internet. For the average home user, this is usually a wireless router. The research team says the virus spreads fast, avoiding detection and identifying “the points at which WiFi access is least protected by encryption and passwords.” If the virus hits a roadblock when trying to propagate, it simply looks for other access points “which weren’t strongly protected including open access WiFi points common in locations such as coffee shops and airports”... It’s unfortunate that very few routers today have adequate anti-virus protection, if they have any at all. In addition, many consumers don’t ever change the default username and password on their routers, making it dreadfully susceptible to hijacking. Here are some measures you can take to protect yourself from these types of threats:
• Change the default username and password on your home router
• Ensure your WiFi network is password protected with a strong password
• Avoid weaker wireless authentication protocols like WEP
• Don’t broadcast your network’s name (SSID)
• Avoid public networks and WiFi hotspots
• Consider MAC address filtering to control which devices connect to your network "
- Disable Remote Administration
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 06 March 2014 - 08:37 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#47 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 21 May 2014 - 09:00 AM

FYI...

When Networks Turn Hostile ...
- http://blog.trendmic...s-turn-hostile/
May 20, 2014 - "We’ve previously discussed how difficult it is to safely connect to networks when on the go... many holiday lodges and hotels today have made Wi-Fi access an integral part of their offered amenities... it is easy to take secure Internet access for granted... using the provided Internet access, the Facebook app on my smartphone refused to connect. Other apps and websites worked fine, however. Trying to access Youtube using the mobile browser resulted in this:
Fake Youtube alert:
> http://blog.trendmic.../05/router1.png
Obviously, the above warning made no sense on an Android device. What would happen if I tried to access Facebook on a PC, then? The same issue occurred – and an off-guard user might not find it suspicious at all:
Fake Facebook alerts:
> http://blog.trendmic.../05/router2.png
> http://blog.trendmic...5/router-2a.png
If the user actually clicked the OK button on either of the two messages the following pages would appear:
Fake Internet Explorer update:
> http://blog.trendmic...20comment04.jpg
Fake Adobe Flash Player update:
> http://blog.trendmic...20comment05.jpg
... Clicking on any part of the site results in a malicious file, detected as TSPY_FAREIT.VAOV, being downloaded and run on the affected system. FAREIT malware is typically used to download other threats onto an affected system. So, how was this done? A little investigation found that the DNS settings had been -modified- so that DNS queries went to a malicious server, that redirected users... The router of the network was a TP-Link TD-W8951ND all-in one modem/router, which combined a DSL modem and a wireless router in just one device. However, this router contains a fairly serious vulnerability: an external user can access the page where the router’s firmware can be upgraded or backed up. However, this firmware file can be easily decoded; once decoded it contains the root password in the very first line... The list of targeted sites was fairly extensive, with more than 600 domains being targeted. Some of the sites targeted (aside from Facebook and Yahoo) include Ask, Bing, Google, Linkedin, Pinterest, and SlideShare. All of these sites used the .com top-level domain...
How do you prevent yourself from becoming a victim of this attack? One suggestion is to explicitly use public DNS servers, such as those of Google (8.8.8.8 and 8.8.4.4). This can usually be done in the operating system’s network settings, and is applicable to both mobile and non-mobile systems... [or OpenDNS 208.67.222.222 and 208.67.220.220]* ... Two settings can also help in reducing the risks from these attacks: first, port 80 should be forwarded to a non-existent IP address. In addition, the web management interface of the router should not be accessible from the WAN side of the network."
* https://store.opendns.com/setup/
___

Multiple Vulnerabilities in SNMP ...
- http://atlas.arbor.net/briefs/
High Severity
May 23, 2014
"... these devices are considered end-of-life, they will likely not receive firmware upgrades addressing these security issues. Metasploit exploit code for these vulnerabilities is available. Attackers often make use of available exploit code for known vulnerabilities to target vulnerable systems..."

Disable SNMP wherever possible, ASAP.


- https://www.grc.com/port_161.htm
"... If our port analysis ever shows that a router (for example) or other network device exposed to the Internet has its SNMP interface open you will want to arrange to disable and close that port immediately..."

Related Ports: https://www.grc.com/port_23.htm
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 28 May 2014 - 03:02 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#48 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 27 May 2014 - 11:13 AM

FYI...

D-Link DIR-505/505L Wireless Router - Firmware updates
- https://secunia.com/advisories/58972/
Release Date: 2014-05-27
Criticality: Moderately Critical
Where: From local network
Impact: System access
Solution Status: Partial Fix
Operating System: D-Link DIR-505, 505L Wireless Router
No CVE references.
... vulnerability has been reported in D-Link DIR-505 and D-Link DIR-505L Wireless Routers, which can be exploited by malicious people to compromise a vulnerable device...
Related to: https://secunia.com/SA58728/ *
The vulnerability is reported in versions 1.07 and prior.
Solution: Apply update if available.
Original Advisory:
- http://securityadvis...x?name=SAP10029

* Original Advisory: D-Link:
- http://securityadvis...x?name=SAP10027
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#49 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 04 June 2014 - 06:08 AM

FYI...

Unpatchable systems ...
- https://www.computer...tchable_systems
June 2, 2014 - "... Broadband routers humming away peacefully in attics and home offices have become the latest targets of sophisticated cyber criminal groups... In March, the security consultancy Team Cymru warned* that hackers had compromised some 300,000 small- and home-office broadband routers made by firms D-Link, Micronet, Tenda, and TP-Link, among others. That attack followed a similar incident in which compromised home routers were used in attacks on online banking customers in Poland and the appearance, in February, of a virus dubbed "The Moon"** which spreads between Linksys E-Series home routers, exploiting an authentication bypass vulnerability in the systems. Worse, these attacks relied on the same set of problems common to embedded systems: poor (or "commodity") engineering, insecure default settings, the use of hard-coded (permanent) "backdoor" accounts, and a lack of sophistication on the part of device owners, Team Cymru reported... When security is absent from the design of the device, there are few options for securing it after the fact, short of replacing the hardware and software entirely... with so many legacy systems that are so lacking in basic security features, the risk of compromise is always there..."
* http://www.team-cymr...HOPharming.html

** http://grahamcluley....on-router-worm/
"... a worm that was spreading between Linksys routers. What’s unusual about the worm, which has been dubbed “The Moon”, is that it doesn’t infect computers. In fact, it never gets as far as your computer. And that means up-to-date anti-virus software running on your computer isn’t going to stop it. The worm never reaches a device which has anti-virus protection running on it..."
I.E., see firmware updates: http://support.links.../routers/EA6900
And this: http://isc.sans.org/...ml?storyid=4282 ... an old post, but it still applies.
___

- http://blogs.cisco.c...ently-observed/
June 17, 2014 - "... Cisco has recently seen a spike in brute-force attempts to access networking devices configured for SNMP using the standard ports (UDP ports 161 and 162). Attacks we’ve observed have been going after well known SNMP community strings and are focused on network edge devices... While there’s nothing new about brute-force attacks against network devices, in light of these recent findings, customers may want to revisit their SNMP configurations and ensure they follow security best practices, including using strong passwords and community strings and using ACLs to restrict access to trusted network management endpoints..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 20 June 2014 - 06:12 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#50 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,790 posts

Posted 26 August 2014 - 03:41 AM

FYI...

Netis routers - backdoor open ...
- http://blog.trendmic...-open-backdoor/
Aug 25, 2014 - "Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. What is this backdoor? Simply put, it is an open UDP port listening at port 53413. This port is accessible from the WAN side of the router. This means that if the router in question has an externally accessible IP address (i.e., almost all residential and SMB users), an attacker from anywhere on the Internet can access this backdoor... This backdoor is “protected” by a single, -hardcoded- password located in the router’s firmware. Netcore/Netis routers appear to all have the -same- password. This “protection” is essentially -ineffective- as attackers can easily log into these routers and users cannot modify or disable this backdoor... In order to determine if their router is vulnerable, users can use an online port scanner... probe at port 53413:
> https://www.grc.com/port_53413.htm
... Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to -replace- these devices."
___

Netis Router Backdoor “Patched” but not really
- http://blog.trendmic...but-not-really/
Oct 3, 2014 - "... the ShadowServer Foundation* has been kind enough to scan for IP addresses affected by this vulnerability... the same number of devices were at risk (we note that the number has risen at the time of this writing)... Netis has addressed the vulnerability with a firmware update for the router models vulnerable to the backdoor (downloadable from their official website’s download page**)... instead of removing the code that pertains to the backdoor (which is in essence an open UDP port), the update instead closes the port and hides its controls. What this basically means is that the backdoor is still in the router – just that it’s closed by default, and only someone who already knows about the backdoor itself and has the technical knowledge to open it can access it... The fact that the port is still there means it can still be opened and used for malicious purposes, especially if the attackers manage to get a hold of the password to the router’s web console and can obtain access to the LAN side of the router (via, say, malware on a client PC). It still leaves the router (and the network tied to it) open to attack. It’s like patching up a hole in the wall with a door and then just giving the owner of the house a key to that door – the keys can still be stolen, and the hole can still be used to break into the house. Should you still update? Yes. We highly recommend installing the update if you still wish to use your Netcore/Netis router, as it does at least give you access control over the port (if you know what you’re doing), and overall makes the router more secure. However, we want to stress that users should also make their router passwords stronger as well -immediately- after applying this update - or, if their routers do not require password access, then for them to activate that feature through the web console and THEN make the password as strong as they can possibly be. Strong passwords practices include making it as long as the password form allows, as well as using special symbols and numbers along with letters. We will continue to monitor this particular issue and update as necessary."
* https://netisscan.shadowserver.org/
"... 885,093 distinct IPs have responded to our probe..."

** http://www.netis-sys...m/en/Downloads/
___

- http://atlas.arbor.net/briefs/
High Severity
28 Aug 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 05 October 2014 - 10:54 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!