  1. #1
    2 Star Lounger
    Join Date
    Oct 2009
    Location
    Shoreline, Washington, USA
    Posts
    147
    Thanks
    0
    Thanked 1 Time in 1 Post





    IN THE WILD

    'Samy worm' author now targets your router

    By Robert Vamosi

    Fresh from criminal probation for his Samy worm exploits, Samy Kamkar is back with new software that can maliciously target your home network's router.

    Kamkar's first worm brought MySpace to its knees in 2005. Now, his new proof-of-concept software puts vulnerable home routers in its crosshairs.

    The full text of this column is posted at WindowsSecrets.com/2010/01/14/05 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by revia; 2011-01-20 at 14:56.

  2. #2
    Lounger
    Join Date
    Sep 2006
    Location
    Jhongli, Taiwan
    Posts
    42
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am trying to reply to the article "Adobe Reader updates to become automatic". The link from the newsletter took me here... hope this is the right place...
    I disable Adobe Reader's Startup Items after updating to a newer version each time by unchecking both the Adobe Acrobat (Reader_sl.exe) as well as the Adobe Reader and Acrobat Manager (AdobeARM.exe) from the Startup tab of Windows' System Configuration utility. Is either of these items the Acrobat Refresh Manager you referred to in your Windows Secrets Newsletter • Issue 227 • 2010-01-14, or are you referring to something else? Also, will there be any way of turning off the 'Refresher' after April 13? Thanks, Brady

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Blue Springs, MO, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I saw in the dslreports forums that D-Link routers are susceptible to outside hacking.

    quote from Forums » Equipment Support » Hardware By Brand » D-Link » [Help Me] D-Link Routers: One Hack to Own Them All :
    "We’ve been on hiatus over the past few months working on other projects, but last week we re-focused on D-Link routers. While we previously found a flaw in D-Link’s CAPTCHA implementation, this time around we’ve found a way to view and edit D-Link router settings without any administrative credentials.

    The short story is that D-Link routers have a second administrative interface, which uses the Home Network Administration Protocol. While HNAP does require basic authentication, the mere existence of HNAP on D-Link routers allows attackers and malware to bypass CAPTCHA “security”. Further, HNAP authentication is not properly implemented, allowing anyone to view and edit administrative settings on the router.

    HNAP appears to have been implemented in D-Link routers since 2006, and cannot be disabled. We have verified that vulnerabilities exist in the HNAP implementations of the DI-524, DIR-628 and DIR-655 routers, and suspect that most, if not all, D-Link routers since 2006 are vulnerable.

    You can read our full write-up here, and download our POC tool, HNAP0wn, here.

    The complete write-up, as posted in PDF format.
    http://www.dslreports.com/r0/downloa...ap_captcha.pdf "

    I have a D-Link DI-624 and a DI-524 and the software appears very similar. At this time, I am unsure if the dsl modem hides it, but I suspect not as it is in bridge mode. This is some scary information. According to the author, there is nothing you can do to prevent someone from hacking your system.

  4. #4
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    966
    Thanks
    19
    Thanked 4 Times in 4 Posts

    "Beginning April 13, Adobe plans to release automatic, silent updates for its Adobe Reader PDF-viewing software."

    Many people use free or shareware PDF reader replacements such as PDF-XChange reader, etc.

    If you are using such a reader, you do not need to also have Adobe's reader installed! I uninstalled Adobe's reader long ago and haven't had any problems.

  5. #5
    Star Lounger
    Join Date
    Jan 2010
    Location
    San Diego, CA, USA
    Posts
    89
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a Netgear wireless router that is capable of loading open source firmware. I am still using the Netgear firmware included with the router and have done two updates since I first got it. Do I have to worry about this wireless router being hacked? If so will some of the open firmware for it offer better security in this area? It appears so far that everything has been ok and I haven't noticed any changes in my settings yet. Which wireless routers besides D-Link are vulnerable to this? In future articles could you clarify that please. My network security is an issue with me. All wireless clients who connect to my system must support WPA2 with AES or they are not let on my system. The potential for this to happen worries me! Where I live being connected to my ISP can be a scary thing since my firewall is hit up by potential intruders at a very alarming rate! So security for me is paramount!

  6. #6

    Join Date
    Dec 2009
    Location
    Oak Ridge, NJ, USA
    Posts
    0
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I made the mistake of following a link to Samy Kamkar's home page. It destroyed my USB drive. It did something to it that now prevents me from writing anything to it. It also prevents me from starting my password program "RoboForm2Go". I hope he didn't take my passwords. I was able to copy the information off of it. I formatted it 3 times and still have no control over my hardware.
    I would highly recommend that you not click on any links in this article. I trusted WS fully until now. I will think twice before following any more links in articles.

  7. #7
    3 Star Lounger HeyJude's Avatar
    Join Date
    Dec 2009
    Location
    Ohio, USA
    Posts
    332
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote: Originally Posted by Anthony Augustine
    I made the mistake of following a link to Samy Kamkar's home page. It destroyed my USB drive. It did something to it that now prevents me from writing anything to it. It also prevents me from starting my password program "RoboForm2Go". I hope he didn't take my passwords. I was able to copy the information off of it. I formatted it 3 times and still have no control over my hardware.
    I would highly recommend that you not click on any links in this article. I trusted WS fully until now. I will think twice before following any more links in articles.
    This is why I don't open any links from known virus replicators. Google it, and if you use WOT it will display green if trustworthy: Google results for Samy Kamkar with WOT ratings. I don't happen to see WS article in that first page of listings. Also the first 4 pages of results show all Green, so I wonder where the link you clicked on originated? I would have already changed my passwords if I were you. There is no point wondering about this. Do you run Malwarebytes? If you run Glary Utilities it may find the infection or issue. This would be surprising to me, but last August Glary also had issues with trojans being embedded in the Delphi platform. It seems logical to me that posting articles which have malware/virus links in them would be unacceptable. Are you using a firewall in your router? What anti-virus program do you run, and what OS? Just because WS publishes articles does not necessarily mean they are safe to wander around in, but I would expect them to be "safe." It would be prudent to verify your findings before posting that WS has an issue with their article. This has me in an investigative mode now. It will be interesting to see if anyone else has had similar issues. Keep us informed.

    Hey Jude
    Take a sad song and make it better

  8. #8
    New Lounger
    Join Date
    Oct 2009
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have removed from the article all links to Kamkar's site, which is clearly not trustworthy, regardless of its rating in any link checker. We verify the safety of all links that appear in the newsletter. Even though Kamkar's site came up clean when we visited it, the guy clearly can't be trusted.

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Rapid City, SD
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi to all.

    There is another very dangerous place that hackers could use for launching malware and that is the system BIOS. In some of my older computers the BIOS had a setting that was called AV Protection and it would not allow the operating system to change the BIOS. I have recently set up a computer with a Gigabyte MA785GM-US2H motherboard with an Award Software, Inc. BIOS. It does not have a specific setting that protects the BIOS, but it has a Supervisor password. Will the supervisor password keep a program from changing the BIOS?

    Ivan

  10. #10
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    370
    Thanks
    153
    Thanked 62 Times in 37 Posts

    After I read Robert Vamosi's column I sent a spontaneous email to editor_at_windowssecrets_dot_com and just realized that this was the "old way"; I am old too, so please forgive me. My comment was:

    The router issue is bad enough but please, where is the outcry about "Adobe Reader updates to become automatic"?

    I have commented on my blog about my reaction to this among others:
    1. Adobe does on my computer what they want when they want it and however they want to do it. They treat my computer as if it were theirs!
    2. I am being "silenced" – and I don't like that, believe me!
    3. Adobe decides to use my computer and me as their guinea pig whether I like it or not, whether I am willing to cooperate or not!
    Am I all alone in my disgust and outrage?
    Eike J Heinze
    What I am about
    SE Wisconsin

  11. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    Dallas, TX
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I’m stunned. I’ve just had a surreal and highly disturbing experience with Verizon Tech Support. I called for critical information on my new Westell UltraLine Series 3 router because I needed information Verizon failed to provide in both the Quick Start Guide and the complete User Manual. Specifically, I needed the maximum number and the type of characters allowed for the router’s User Name and Password.

    Three hours later (after the first level tech guy told me to call Westell but the Westell guy said he couldn’t help because Verizon didn’t want Westell people talking to Verizon customers) the second level Verizon tech guy said, “We don’t know. All we get is the information you get, oh, wait a minute. . .” When he returned he said, “I’ve just been informed that you don’t own the router, we give it to you. We program the User Name and Password in for our convenience in case we need to work on your router. We don’t support changing the User Name or Password and if you do we cannot support any issues you may have caused after that.”

    As usual, by that time they had worn me down and I lacked the energy to threaten him and the next seven generations of his offspring so I ended the call. But my head is still reeling from the absurdity and I'm wondering what to do next. For now, I'm using seven characters with a special character but I know that is not strong enough. The only thing preventing me from using a 63 special character string is the fear of getting locked out of a router that has taken me several hours to configure. That has happened before. Westell does something weird to passwords while you enter them by adding extra characters but I cannot figure out what it is they add.
