IT Security work seems like we are in “Groundhog Day” the movie

You know the movie: Phil (Bill Murray) has to relive the same day until he gets it right. http://www.imdb.com/title/tt0107048/

I asked Google how many days are in the movie “Groundhog Day”: 8 years, 8 months and 16 days; the director said 10 years.

IT security is just like that, except it should be called “Patch or Not to Patch Day”, or maybe “Default Password Day”.

We seem to be recycling old news every so often:

http://www.pcmag.com/article2/0,2817,2484250,00.asp PCMag has a story about routers being used in botnets because people do not change their default passwords, and then a criminal hacker comes along and abuses the devices for their own needs.

The article says that most of the Incapsula routers are in Thailand, but it is possible that a router in your neighborhood is being used as part of a botnet (a network of devices which are controlled by a master computer). This master computer is run by the criminal hacker (and this particular botnet is being run out of China).

We have discussed router hacks before:

http://oversitesentry.com/infosec-researchers-hacking-new-routers/ (April 13)

http://oversitesentry.com/exploit-home-routers-then-pharm-dns-servers/ (Exploit Home Routers Then Pharm DNS servers, Feb 27)

 

And the one that made me say Groundhog day?

http://oversitesentry.com/krebs-notes-lizard-attacked-sony-with-home-routers/  Jan 10 post.

 

I logged on to my computer on Christmas Day and found the Sony website showing the following image:

[Screenshot: Sony site not available]

So a US botnet was used in the past, only a few months ago.

The #1 problem in PCI compliance issues is people not changing their default passwords.  If you have a router and you have not logged into it, then you should.

 

For example:

D-Link routers and DSL modems use the same value, admin, as both the username and the password:

http://www.dlink.com/ba/hr/support/faq/modems/dsl-modems/dsl-series/what-is-the-default-username-and-password-for-my-adsl-modem-router

This is why it is so easy for the hackers to control your router: the password is the same as the username.

So you have to look through the manual (or find one on the Internet) and change the username and password (some routers allow you to change the username of the administrator account). This is standard stuff, and just another day in “Groundhog Day”, or should I say “Patch Day” or “Default Password Day”.

 

Contact us if you don’t want to change the password yourself.

 

 

 
