You know the movie which makes Phil(Bill Murray) relive the same day until he gets it right. http://www.imdb.com/title/tt0107048/
I asked Google how many days are in the movie “Groundhog Day”? 8 years, 8 months and 16 days, the director said 10 years.
IT security is just like that except it should be called “Patch or not to patch Day” maybe “Default Password Day”
We seem to be recycling old news every so often:
http://www.pcmag.com/article2/0,2817,2484250,00.asp PCMag has a story about routers being used in botnets, since people do not change their default passwords and then a criminal hacker comes along and abuses your devices for their own needs.
The article says that most of he Incapsula routers are in Thailand, but it is possible that a router is used in your neighborhood and is part of a botnet(a network of devices which are controlled by a master computer). This master computer is run by the criminal hacker (and this particular botnet is being run out of China).
We have discussed router hacks before: http://oversitesentry.com/infosec-researchers-hacking-new-routers/ (April 13)
And the one that made me say Groundhog day?
I logged on my computer on Christmas day and found Sony website with the following image:
So a US botnet was used in the past, only a few months ago.
The #1 problem in PCI compliance issues is people not changing their default passwords. If you have a router and you have not logged into it, then you should.
D-Link routers / DSL Modems have the following as a username and password (admin) it is the same.
This is why it is so easy for the hackers to control your router. Because the password is the same as the username.
So you have to look through the manual (or find one on the Internet) and change the username and password (some routers allow you to change the username of the administrator account. This is standard stuff, and just another day in the “Ground Hog Day” or should I say “patch day” — “Default Password Day”
Contact us if you don’t want to change the password yourself.