Friday, February 16, 2007

Default Passwords Are Bad

If you've never changed your home wireless access point or router's password, you need to do it now. Symantec reports that a new attack will really mess up your home network and make you susceptible to an attack.

This attack is very simple, and you won't realize that it has happened. The attack can be launched against your network just from a user on the network accessing a specially crafted web site.

Synopsis from Symantec:

Imagine that whenever you wanted to go to your bank, you picked up your phone directory, looked up the bank’s address, and then went there. Our attack shows a simple way that attackers can replace the phone books in your house with one that they created. Now, when you pick up that rogue phone book to get your bank’s address, it’ll actually give you the wrong address. At this wrong address, the attackers will have set up a fake bank that looks just like your bank. When you do business with this fake bank, you’ll give up all your sensitive bank account information. However, you’ll never realize that you were at a fake bank since you trusted the address that you got from what you thought was your legitimate telephone book.

The way to protect your home network?
Change the password on your home router or wireless access point so that it is not the default (the one that was already on it when you bought the thing). Also, use a good password, not something like "password".

No comments: