Head in a blender

Your wireless network has been compromised

Andy Pedisich  September 19 2008 09:41:01 AM
Two days ago I set up a new wireless router to provide a faster, more secure WAP for my youngest son's new Mac Book, which was provided by his high school.  Last night he reported getting the message, "Your wireless network has been compromised".

I was pretty sure that this represented an error in the way the Mac was negotiating the encryption, so I switched the configuration and the problem went away.  But in the process of investigating the error I found out some pretty amazing things.

Brian Krebs of the Washington Post got my attention with his article from June 2008 about malware and routers and bad guys (Oh my!).
Truth is, if you search google for "default passwords", you'll get plenty of lists of them.  That's old news, really, but worth retelling.

However, it did remind me of a security flaw that I often find while doing Domain Audits, and that is setting a default password for new Notes users.  Basically there are two problems.  

First, Admins set the same password for new users and the users never change them.  Sometimes they are clever passwords like "welcomeSHORTNAME", but the pattern makes it a snap to hack.

Second, password expiration is not properly managed, even though the hooks to manage it are clearly there in Notes.

Did I change originally my default password on my router to one that's very strong?  Of course I did.

Recently, there was a petty thief roaming our neighborhood who was finally apprehended.  He confessed that his modus operandi was to look for open doors, go in, take stuff, and walk away.  Sheer genius, 'eh?

- Andy
Comments

1David Schaffer  9/19/2008 11:44:57 AM  Your wireless network has been compromised

Interesting thoughts. SOHO routers usually come with a simple default password but with access from the WAN side disabled. That's fine for a wired router but if you have open WiFi and the default password then your router is vulnerable to anyone driving by with a WiFi laptop.

2Craig Wiseman  9/19/2008 12:48:33 PM  Your wireless network has been compromised

It seems like a bad idea to have the default passwords out there, but I can't tell you how many times I've shown up at a client site and they haven't a clue how to access their own equipment.

It's fun showing them how easy it is to 'hack' into their network, but then I get them to make up secure logins and document them, so it does actually help.

"Test"