Archive for the ‘Internet Service Providers’ Category

Episode 30: Routing Security

December 22, 2009

Episode 30: Routing Security: “

In the 30th episode of Team Cymru’s The Who and Why Show, we’re joined once again by John Kristoff to talk about Router and Routing Security. We’ll cover some common mistakes folks make, quick wins plus some longer term fixes you might want to implement to secure your networks.

(Via Uploads by teamcymru.)

Attackers Buying Own Data Centers for Botnets, Spam

December 21, 2009

Attackers Buying Own Data Centers for Botnets, Spam: “Attackers Buying Own Data Centers for Botnets, Spam”

(Via threatpost – The First Stop for Security News.)

Russian ransomware blocks net access

December 2, 2009

Russian ransomware blocks net access: “Russian ransomware blocks net access”

(Via The Register – Security.)

Web service automates WordPress password cracking

November 30, 2009

Web service automates WordPress password cracking: “

Malefactors debut Hacking as a Service

Hackers have developed a distributed WordPress admin account cracking scheme that poses a severe risk for the security of blogs whose owners select insecure passwords.…

(Via The Register – Security.)

Bug puts net’s most popular DNS app in Bind

November 25, 2009

Bug puts net’s most popular DNS app in Bind: “

Rare but remote

Makers of Bind have warned of a security vulnerability in versions of the domain name resolution application that could allow attackers to trick servers into returning unauthorized results.…

(Via The Register – Security.)

Fergie’s Tech Blog: DNS Problem Linked to DDoS Attacks Gets Worse

November 14, 2009

Fergie’s Tech Blog: DNS Problem Linked to DDoS Attacks Gets Worse: ”
fergie’s tech blog
Friday, November 13, 2009
DNS Problem Linked to DDoS Attacks Gets Worse
Robert McMillan writes on PC World:

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet’s DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an ‘open recursive’ or ‘open resolver’ system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. ‘The two leading culprits we found were Telefonica and France Telecom,’ he said.


(Via .)

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks

October 21, 2009

Time Warner Cable Exposes 65,000 Customer Routers to Remote Hacks: “

A vulnerability in a Time Warner cable modem and Wi-Fi router deployed to 65,000 customers would allow a hacker to remotely access the device’s administrative menu over the internet, and potentially change the settings to intercept traffic, according to a blogger who discovered the issue.

Time Warner acknowledged the problem to Threat Level on Tuesday, and says it’s in the process of testing replacement firmware code from the router manufacturer, which it plans to push out to customers soon.

‘We were aware of the problem last week and have been working on it since,’ said Time Warner spokesman Alex Dudley.

The vulnerability lies with Time Warner’s SMC8014 series cable modem/Wi-Fi router combo, made by SMC. The device is one of several options Time Warner offers to customers who don’t want to install their own modem and router to use with the company’s broadband service. The device is installed with default configurations, which customers can alter only slightly through its built-in web server. The most customers can do through this page is add a list of URLs they want their router to block.

But blogger David Chen, writing at, recently discovered he could easily gain remote access to an administrative page served by the router that would allow him greater control of the device.

Chen, founder of a software startup called, said he was trying to help a friend change the settings on his cable modem and discovered that Time Warner had hidden administrative functions from its customers with Javascript code. By simply disabling Javascript in his browser, he was able to see those functions, which included a tool to dump the router’s configuration file.

That file, it turned out, included the administrative login and password in cleartext. Chen investigated and found the same login and password could access the admin panels for every router in the SMC8014 series on Time Warner’s network — a grave vulnerability, given that the routers also expose their web interfaces to the public-facing internet.

All of this means that a hacker who wanted to target a specific router and change its settings could access a customer’s admin panel from anywhere on the net through a web browser, log in with the master password, and then start tinkering. Among the possibilities, the intruder could alter the router’s DNS settings — for example, to redirect the customer’s browser to malicious websites — or change the Wi-Fi settings to open the user’s home network to the neighbors.

The attacker would need the router’s IP address to conduct the attack. But Chen found a dozen customer SMC8014 series cable modem/Wi-Fi routers by simply running a port scan on a subnet of 255 Time Warner IP addresses. An evil hacker could easily automate a scanning tool to sweep through Time Warner’s address space and hack every SMC8014 it finds.

‘From within your own network, an intruder can eavesdrop on sensitive data being sent over the internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks,’ Chen wrote on his blog. ‘Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.’

Chen said he contacted Time Warner’s security department four weeks ago and was told that the company was aware of the security vulnerability but ‘cannot do anything about it.’

He says he’s relieved to hear the company is now addressing the problem.

It’s unclear if other Time Warner customers would be affected by the same issues.

Time Warner’s Dudley says the SMC8014 modem/routers are just a small portion of the 14 million devices its customers are using.

‘We are working to determine if it affects other models,’ he says.

(Via Wired: Threat Level.)

Comcast to Warn PC Users If They’re Infected by PC Magazine: Yahoo! Tech

October 17, 2009

Comcast to Warn PC Users If They’re Infected by PC Magazine: Yahoo! Tech: ”

Comcast to Warn PC Users If They’re Infected
By Chloe Albanesius – PC Magazine – Thu Oct 8, 2009 11:24AM EDT

Report: Thousands of Hotmail passwords posted – Ars Technica

October 5, 2009

Report: Thousands of Hotmail passwords posted – Ars Technica: ”

Report: Thousands of Hotmail passwords posted
Thousands of password details for Windows Live Hotmail accounts may have been posted online for everyone to see.

By Emil Protalinski | Last updated October 5, 2009 9:51 AM CT

Password details for Windows Live Hotmail accounts, including,, and e-mail addresses, were posted by an anonymous user over at, a site that allows users to paste snippets of text and then share it privately or publicly. On October 1, there were over 10,028 account user names and passwords posted as a result of either some type of ‘hack’ or phishing scheme, most of which appear to be based in Europe, according to Neowin, which first reported this story. Pastebin has since r”

(Via .)