Time Warner Cable Modems Expose Users
eldavojohn writes "Wired is reporting on a simple hack putting some 65,000 customers at risk. The hack to gain administrative access to the cable modem/router combo is remarkably simple: '[David] Chen, founder of a software startup called Pip.io, said he was trying to help a friend change the settings on his cable modem and discovered that Time Warner had hidden administrative functions from its customers with JavaScript code. By simply disabling JavaScript in his browser, he was able to see those functions, which included a tool to dump the router's configuration file. That file, it turned out, included the administrative login and password in cleartext. Chen investigated and found the same login and password could access the admin panels for every router in the SMC8014 series on Time Warner's network — a grave vulnerability, given that the routers also expose their web interfaces to the public-facing internet.' If you use Time Warner's SMC8014 series cable modem/Wi-Fi router combo, watch for firmware to be released soon that they are reportedly in the process of testing."
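The flaw in the summary above comes down to treating client-side hiding as access control. The following is an added illustration, not code from the story, Time Warner or SMC; every name and value in it is hypothetical. It contrasts that pattern with server-side authorization, a LAN-only admin interface and a configuration dump that omits the password.

```javascript
// Constructed device state: every name and value below is hypothetical.
const CONFIG = { ssid: "home-net", adminUser: "admin", adminPassword: "example-only" };
const ADMIN_PATHS = new Set(["/admin/backup"]);
const ADMIN_LINK = '<a id="adm" href="/admin/backup">Back up configuration</a>';
const HIDE_SCRIPT = '<script>document.getElementById("adm").style.display="none";</script>';

// Weak: the admin link is sent to everyone and a script hides it afterwards.
function renderMenuWeak(role) {
  const hide = role === "admin" ? "" : HIDE_SCRIPT;
  return '<a href="/status">Status</a>' + ADMIN_LINK + hide;
}

// Weak: no authorization check, and the dump carries the password in cleartext.
function handleWeak(req) {
  if (req.path === "/admin/backup") return { status: 200, body: JSON.stringify(CONFIG) };
  return { status: 404, body: "" };
}

// What a browser with scripting disabled renders: the markup minus scripts.
function withoutScripts(html) {
  return html.replace(/<script>[\s\S]*?<\/script>/g, "");
}

// Hardened: links the role cannot use are never sent to the browser.
function renderMenuHardened(role) {
  return '<a href="/status">Status</a>' + (role === "admin" ? ADMIN_LINK : "");
}

// Hardened: the server decides on every request, refuses admin paths that
// arrive on the WAN side, and never writes the password into the dump.
function handleHardened(req) {
  if (ADMIN_PATHS.has(req.path)) {
    if (req.iface !== "lan" || req.role !== "admin") return { status: 403, body: "Forbidden" };
    return { status: 200, body: JSON.stringify({ ...CONFIG, adminPassword: "<redacted>" }) };
  }
  return { status: 404, body: "" };
}
```

A per-device administrative credential, rather than one shared across the whole model series, would limit the damage if a single device's password did leak.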
They need to act on this immediately! (Score:5, Funny)
the routers also expose their web interfaces to (Score:5, Funny)
the public-facing internet
wait. what? why?
Re:Why wait? (Score:0, Funny)
Clock is ticking (Score:2, Funny)
If you use Time Warner's SMC8014 series cable modem/Wi-Fi router combo, watch for firmware to be released soon that they are reportedly in the process of testing.
And if you are a hacker planning to pwn Time Warner's SMC8014 series cable modem/Wi-Fi router combo, be sure to get your exploit written and distributed soon before the new firmware is released.
Still better than PLANET... (Score:5, Funny)
...
Comment removed (Score:3, Funny)
Re:Still better than PLANET... (Score:5, Funny)
Re:Related to Belgacom hack and 'ransom'? (Score:4, Funny)
Why are evil minions so dumb? This guy gets access to all these passwords and his only idea is to blackmail a corporate entity more evil than himself...by doling out uid/pwd combinations a few at a time...please!!
As was already stated, the first action by evil corporation is to get the law on their side so they do not have to do any work to change anything. The law pursues the bad guy and he realizes the grand scheme not only fails, but now he's screwed because ultimately he either gets caught, or can't release anything else for fear of being caught and thus becomes harmless. He never gets what he wants.
Were it me (and I most certainly do not live in Belgium) and I chose to do evil I would have blasted all uid/pwds at once across as many nodes as possible thus, for a moment, potentially hurting the pockets of evil corporation. Short lived excitement with no long term reward, but still would be fun to watch the fallout.
My other idea would be to use my newfound data to my advantage. Can I load slaves on all those systems so that when I want to watch streaming video of pr0n I piggyback on someone else's quota? Perhaps I can monitor usage and find users with low bandwidth and borrow (steal) from them. I would never ever share this information with others, because certainly at some point a "friend" would abuse the system, or rat me out if/when caught.
No, the guy blackmails a corporate with some stupid ass name and a piss poor methodology for revenge. Do they not teach anything at Evil U any more?
Re:Why wait? (Score:3, Funny)
Re:Why wait? (Score:3, Funny)
Re:Related to Belgacom hack and 'ransom'? (Score:3, Funny)
Perhaps I can monitor usage and find users with low bandwidth and borrow (steal) from them. I would never ever share this information with others, because certainly at some point a "friend" would abuse the system, or rat me out if/when caught.
(looks around)
Is there a camera in this basement? It's like I'm being watched. Oh no, I've said too much. +++
ATH
^&@^&%*!!%*!@
NO CARRIER
Re:Why wait? (Score:4, Funny)
Sadly I have discovered they do not accept monopoly money :{
What do you mean? They've been accepting money from various monopolies for decades!
Re:Related to Belgacom hack and 'ransom'? (Score:3, Funny)
If I was him, I would have somehow figured out a way to add 285,000 TOR exit nodes.
THAT would have been fun. Every user in the country hits their quota, while completely screwing the ISP's transit quotas. They would never dare bill all of their customers for that kind of overage, they would HAVE to eat it.