ARTICLE - openwrt/dd-wrt based modem/router vulnerability?
Ben Scott
dragonhawk at gmail.com
Fri Mar 27 13:52:22 EDT 2009
On Fri, Mar 27, 2009 at 1:07 PM, Tom Wittbrodt <tomwitt2 at gmail.com> wrote:
> I wasn't aware the company providing my DSL service
> could push changes like this to my router without my involvement.
From what I've seen, most telco-provided CPE has this sort of
capability. (And as I always say, cable TV companies are telco's,
too). DSL modem, cable modem, routers, set-top boxes, etc. If they
provide it, they control it. Typically without your knowledge.
Given that telco's are notorious for depending on
security-by-obscurity, it wouldn't surprise me in the least to learn
that this has all sorts of security problems with it. Heck, I almost
expect it. For example, maybe every Verizon (FairPoint, whatever) DSL
modem in NH has the same telco account password.
"We don't care. We don't have to. We're the phone company."
I generally always recommend putting your own
firewall/router/whatever between third-party equipment and your own
networks/systems.
-- Ben
More information about the gnhlug-discuss
mailing list