
Eircom Netopia Routers Are Wide Open

  • 20-09-2007 5:40pm
    #1
    Banned (with Prison Access) Posts: 25,234 ✭✭✭✭


    If you follow a few simple steps that I will not go into. Basically the Router Name contains part of the Encryption Key.

    http://www.bartbusschots.ie/blog/?p=511
    The information I was given included a very short piece of computer code (in C++) that takes an Eircom default SSID as input and effectively instantly gives the default WEP key as output. The algorithm to do this is shockingly and frighteningly trivial. The author claims he was able to generate this code using some very basic reverse-engineering techniques on the Eircom install CD.

    Eircom won't talk to him about it or publish a security advisory for the minimum 100k of these out there. There are about 50k of these things in the supply chain between now and Christmas so it will be 2008 before they fix it.

    All Together Now Duhhhh!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Thank phuck I always use WPA



Comments

  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    Surely it is an issue worthy of being brought to the attention of Comreg or perhaps even the data commissioner?

    I have always thought it silly anyway that they come with the wireless switched on as the default. It is causing unnecessary congestion of the airwaves, never mind the security issue.


  • Registered Users, Registered Users 2 Posts: 12,374 ✭✭✭✭dulpit


    Quick question - our router is an Eircom Netopia one, but we have it set up so that only certain MAC addresses (my laptop, my brother's wii) can access it wirelessly...

    I presume this is as safe & secure as you can get??


  • Registered Users, Registered Users 2 Posts: 37,316 ✭✭✭✭the_syco


    dub45 wrote:
    Surely it is an issue worthy of being brought to the attention of Comreg or perhaps even the data commissioner?
    Surely you're taking the piss? Because someone found a way to quickly crack WEP, it's bad? WPA is more secure, but not uncrackable. Should that also be removed?

    Wait: news flash: if it gives access to a business, someone will try to crack it.
    dulpit wrote:
    Quick question - our router is an Eircom Netopia one, but we have it set up so that only certain MAC addresses (my laptop, my brother's wii) can access it wirelessly...

    I presume this is as safe & secure as you can get??
    Nope. Your MAC address is broadcast as plain text. Then I just have to spoof your MAC address (make your router think I'm actually your computer), and in I go.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Well as someone living in the country I don't feel as strongly about that dub45 but deriving the SSID from the WEP key and then broadcasting it is stupido!


  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    Sponge Bob wrote:
    Well as someone living in the country I don't feel as strongly about that dub45 but deriving the SSID from the WEP key and then broadcasting it is stupido!

    I agree with you on the latter but as regards the former it is truly amazing how many Eircom networks you can pick up in Dublin and I would guess that a fair few of them are not being used as part of a wireless network.


  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    dulpit wrote:
    Quick question - our router is an Eircom Netopia one, but we have it set up so that only certain MAC addresses (my laptop, my brother's wii) can access it wirelessly...

    I presume this is as safe & secure as you can get??

    You should change the security to WPA - easily done if you are capable of the mac stuff.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    I agree with you Dub45 in that the advisory that eircom will eventually release will advise persons that

    1. they are not to broadcast the SSID if wireless is on (trivial)
    2. they are to turn off the wireless altogether (trivial) if wireless is not used on the premises.


  • Registered Users, Registered Users 2 Posts: 32,417 ✭✭✭✭watty


    make up your own SSID and key at the least, WPA at better, only use cables if paranoid.


  • Closed Accounts Posts: 106 ✭✭bungholio


    the_syco wrote:
    Surely you're taking the piss? Because someone found a way to quickly crack WEP, it's bad? WPA is more secure, but not uncrackable. Should that also be removed?

    you're a fool, we're not talking wep in general here, we're talking eircom's ssid naming and their wep codes,

    News Flash: wake up n stop being an azz


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Righty Ho!

    Unless eircom publish a proper advisory in the national press by next friday morning, one weeks time, I will publish the detailed exploit here .....and elsewhere .....in order to make them publish a proper advisory.

    There is no point in hiding this issue any more .

    They have one week from now . As for the stuff in the pipeline they can tell the shops to print the advisory and sellotape it to the boxes .

    There are well over 100k of these things out there, either deployed in use or in the pipeline :(

    Even telling everyone to change the last 2 digits of the SSID, forthwith, would do the trick.


  • Registered Users, Registered Users 2 Posts: 2,497 ✭✭✭Nick_oliveri


    Sure there was a default WEP key for a lot of routers not so long ago. This doesn't surprise me tbh.

    NTL router in the brothers apartment had wireless and no security turned on by default. I'd say a few people in Raheny were happy for those few months. They even managed to change the admin password.

    Anyone ever heard of the Linux distro "Backtrack"?


  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    If we can get this on the front page of Digg they "may" do something about it....

    http://digg.com/security/Eircom_Exposes_Its_Broadband_Customers_to_Serious_Security_Risks


  • Closed Accounts Posts: 16,396 ✭✭✭✭kaimera


    Arse.

    I couldn't find a way to stop broadcasting the SSID on my own netopia router without disabling wireless completely. :-/

    WPA + MAC addy wifi access only + changed SSID I have already.


  • Registered Users, Registered Users 2 Posts: 4,051 ✭✭✭bealtine


    Sponge Bob wrote:
    Righty Ho!

    Unless eircom publish a proper advisory in the national press by next friday morning, one weeks time, I will publish the detailed exploit here .....and elsewhere .....in order to make them publish a proper advisory.

    I say publish now.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    No! It's only fair that they should have a chance to tell people.

    Next friday 28/09 , midday, is their deadline .


  • Closed Accounts Posts: 4,858 ✭✭✭paulm17781


    Sponge Bob wrote:
    No! It's only fair that they should have a chance to tell people.

    Next friday 28/09 , midday, is their deadline .

    Have you put this to Eircom?


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    It was put to eircom over a week ago

    http://www.bartbusschots.ie/blog/?p=511
    Bart B on September 11th, 2007 2:50 pm Paul, who in Eircom would I send it to? You remember trying to get in touch with anyone competent in there back when we were trying to get them to give up the SU’s domain a few years back. I’ve had a few dealings with them since, they are every bit as impenetrable as ever they were. Emails go un-answered and when you phone them they play a game of ‘pass the call’ with you. I don’t have an hour of my life to piss down the toilet ATM. Best I can do is warn users on this blog so that’s what I’m doing.

    Bart B on September 11th, 2007 3:12 pm Just as a little update on this. For ****s and giggles over lunch I decided to play a game of pass the call with Eircom. As I expected I got passed all round the place and eventually ended up with tech support who were none too keen to help unless I was the customer. Thankfully the guy was reasonable and in the end agreed to take my name and number and ask his supervisor to ring me. He insisted he couldn’t transfer me. I’m dead curious to see if I ever hear back.

    I also contacted comreg who told me it’s not their area because broadband in Ireland is not regulated. They suggested I contact the National Consumer Agency and were kind enough to give me the number. So I’m gonna give them a shout now.

    Some time later a crack appeared in the glacier . Eircom :eek: Rang Back :eek:
    Eircom tech support left me a voice mail while I was talking to the NCA to tell me it’s a matter for Eircom Customer Service and left a number. Lets see what becomes of this!

    Bart B on September 11th, 2007 3:38 pm OK, got on to Eircom Customer care. Took a little while and, as Des would put it, I had to be the opposite of a door matt but a call has been logged and they took all the details of my complaint. I suggested adding the URL to this post into the call but the guy didn’t seem keen. Anyhow, now we play the waiting game again.

    And that's it. I left it a week to see if anybody in eircom gave a sh1t before starting this thread.

    They are now 6 days and 23 hours away from full disclosure . Eircom read this board all the time :)


  • Registered Users, Registered Users 2 Posts: 2,725 ✭✭✭oleras


    Sponge Bob wrote:
    Righty Ho!

    Unless eircom publish a proper advisory in the national press by next friday morning, one weeks time, I will publish the detailed exploit here .....and elsewhere .....in order to make them publish a proper advisory.

    There is no point in hiding this issue any more .

    They have one week from now . As for the stuff in the pipeline they can tell the shops to print the advisory and sellotape it to the boxes .

    There are well over 100k of these things out there, either deployed in use or in the pipeline :(

    Even telling everyone to change the last 2 digits of the SSID, forthwith, would do the trick.


    Yeah Eircom !!! Listen up,or else...............oh yeah, sponge bob left out you also better enable the patrickswell exchange, or its gona hit the fan....BIG TIME BABY !!!


  • Closed Accounts Posts: 106 ✭✭bungholio


    we've all dealt with eircom in the past, we all know what they like, and tbh i dont even know what youre waiting for, as in the words of Nike, Just Do It


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    this is a big problem that can't just be solved overnight or with a phone call.
    @SpongeBob, i think it would be highly irresponsible to discuss the details of the key generation process on a public forum.
    yes, i know i mentioned on the security forum about it, but i was just ..testing the waters so to speak, not asking if anyone knew how to do it.

    yes, it is wise to inform people..but posting a 'how to do it'?? that's crazy, and is not going to solve anything.

    you're only going to have thousands of people around the country using other people's internet access for all kinds of illegal activity.

    please at least consider the trouble you will be causing by telling people how to do it.


  • Registered Users, Registered Users 2 Posts: 150 ✭✭GreyAlien


    WEP can be so easily cracked in 5 minutes or so, I don't really see how this adds anything new to that. I think it'd be far easier to packet sniff a network, than to write an app algorithm to get the key.

    Changing to WPA would be one solution, but not every single device supports this. Keeping it on WEP does make some sense for compatibility.
    Most people don't have the knowledge to crack a WEP network anyway, so it should stop the casual person trying to connect.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    WEP can be so easily cracked in 5 minutes or so, I don't really see how this adds anything new to that. I think it'd be far easier to packet sniff a network, than to write an app algorithm to get the key.

    no, unfortunately it wouldn't be easier to do what you just said, otherwise there would be little to worry about.

    as said in Barts post, you only need the default SSID to discover the default WEP key.

    in the hundred thousands - these eircom routers exist and being used everyday.. it would be irresponsible to publish details of the flaw before eircom have had a chance to address it.

    IMHO 1 week is not adequate time, 1 month wouldn't even be enough..thats assuming eircom plan to fix it.

    Even if they don't, can't see what good it will do telling everyone how to get the WEP key from the SSID.


  • Closed Accounts Posts: 9 lonewolf


    Wow, I didn't think that post on Bart's blog would cause this much action. Lets just get a few things in order.
    1. Yes I am the source mentioned
    2. No I'm not going to release the code
    3. I think Sponge Bob is a fool if he releases his copy.

    Having this kind of exploit in the wild would cause big trouble for everyone on a default setup Eircom broadband box. If you want to stay safe from the exploit, just change the last 8 digits of your Eircom SSID (eircom1234 1234). That's it. Exploit defeated.

    The code will not be released.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    lonewolf wrote:
    Wow, I didn't think that post on Bart's blog would cause this much action. Lets just get a few things in order.
    1. Yes I am the source mentioned
    2. No I'm not going to release the code
    3. I think Sponge Bob is a fool if he releases his copy.
    1. you are A source for the assertion that the code reversing can be programmed Lonewolf.
    2. Did you write the Polish variant of the key reverse generator
    3. if not who did write the Polish variant I saw ...this month actually .
    4. I did not say who showed me the english language interface reverse generator I saw, I will say it was not Lonewolf and if Lonewolf has not released his copy to anybody then there is another variant . It seemed utterly different to the very neat Polish one I also saw.
    5. There are therefore 3 generators around that I know of now .
    Having this kind of exploit in the wild would cause big trouble for everyone on a default setup Eircom broadband box. If you want to stay safe from the exploit, just change the last 8 digits of your Eircom SSID (eircom1234 1234). That's it. Exploit defeated.

    I did say that changing the last 2 digits _should _ defeat the generator . Are you in agreement or was I wrong on that Lonewolf .

    Either way the exploits are out there now and 100k poor sobs think that they are totally protected by the wep key .

    Any gob****e who knows what a keygen is can crack the crypto now .

    That's a far far greater level of risk than someone who knows what 'promiscuous' means.

    Eircom have less than 6 days to publish an 'adequate' advisory in the national media. They have already bought the advertising slots so it's simply a matter of producing the content for the slots. They are the ones who caused the problem.


  • Closed Accounts Posts: 9 lonewolf


    I know at least twenty people (good friends and acquaintances) with their own variants of the ssid to wep key generator and I can assure you none of them are, as you put it, gob****es.

    So you have your own version of the generator. It's not that hard to write and certainly not worth flapping about on forums.


  • Registered Users, Registered Users 2 Posts: 3,191 ✭✭✭uncle_sam_ie


    Anyone concerned about their security should listen to this podcast( episodes 11 and 13). http://www.grc.com/securitynow.htm
    If you take precautions there is nothing to fear.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Righty Ho

    There are 23 Programs out there

    Publish


  • Registered Users, Registered Users 2 Posts: 67 ✭✭supervixen


    what is the problem ? I changed my SSID to XXXX, end of story :)

    actually the whole thing is the perfect excuse for exceeding the cap...........


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    supervixen wrote:
    what is the problem ? I changed my SSID to XXXX, end of story :)

    no, you must stop using WEP to fix this i'm afraid.
    i've no doubt sponge bob will have all the gory details revealed by friday..which i can't say is a good idea, but its doubtful he'll listen to me!

    there are 3 ways to recover the default key, and the only temporary solution is to use WPA instead of WEP or switch it off altogether.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Still no advisory to the customer base not that it surprises me :(

    52 hours to go !!!!!


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    anyone wanna post this software? I would like to debug it. The Eircom software that is.


  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    anyone wanna post this software? I would like to debug it. The Eircom software that is.


    http://broadbandsupport.eircom.net/download/netopia/drivers/3347nwg-setup.exe


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    thanks.


  • Registered Users, Registered Users 2 Posts: 3,503 ✭✭✭thefinalstage


    thanks.

    Fix it and let spongebob look it over than release it. Make sure to put your name on it too.


  • Closed Accounts Posts: 113 ✭✭bartificer


    Hi folks, I've just been pointed at this article now. I must say I'm glad to see people have taken note of my blog post. My aim was to bring it to people's attention, so that seems to have worked in a limited way at least.

    I have one wee update from today. I got a call from Eircom telling me they are working on a response and that it will be in the post to me soon, probably tomorrow. I will of course let you all know how that goes.

    I just want to add a few other small points:

    1) WEP is fundamentally broken. It was a little bit broken when the episodes from security now that were linked earlier were released, it is now even more broken. We're talking between 1 and 2 minutes. The new technique uses a replay attack with ARP packets to pump the traffic and quickly pick up the required number of packets to do the crack.

    So - bottom line - DON'T USE WEP

    Eircom need to make it clear to their customers that WEP is only pretend security, it is not real security.

    2) MAC locking achieves NOTHING. It can be trivially by-passed as has already been explained in the thread.

    3) Turning off SSID broadcasting is also not an effective protection. The SSID is still in all the transmitted packets. An attacker can still get it so again turning off SSID broadcasting is only pretend security, not actual security.

    4) Yes, WPA can be broken and WPA2 is a lot better. HOWEVER, WPA is DRAMATICALLY better than WEP. From what I could see the Netopia routers don't support WPA2 but they do support WPA. At the VERY least Eircom need to advise their customers to use WPA if at all possible and explain to their customers that WEP provides almost no actual security. They also need to tell their customers to either change their SSID or their encryption key. Even if people do move to WPA they are still no better off if they continue to use the Eircom generated key!

    Oh ... finally ... I would request people not post the code. I have one version and I know of at least two other methods of executing this attack. So, it is clear that there are a lot of people who know this already. Lets not make things worse just yet. If Eircom do not respond in an appropriate way then perhaps it would be understandable to publish code. Personally I will not do it, but I could understand others doing it.

    Finally, if Eircom do not respond appropriately I plan to take this issue to the media. Should that happen I'd really appreciate some help and advice, as a sys-admin I'm not really practised at dealing with any media other than tapes and DVDs and stuff :)

    Anyhow, thanks for spreading the word and please pass this link on to any Eircom customers you know.

    Bart.
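
Points 2 and 3 above can be checked against the 802.11 frame layout: management frames are sent unencrypted, so the sender's MAC address and, whenever a client joins, the SSID are readable by any receiver in range. The Python below is an added example, not code from this thread or from the blog; the frames, the MAC addresses and the SSID `example-home-net` are constructed sample data.

```python
import struct

# Management subtypes handled here -> (name, length of fixed fields before the tagged elements)
SUBTYPES = {
    0: ("association request", 4),   # capability info + listen interval
    4: ("probe request", 0),
    5: ("probe response", 12),       # timestamp + beacon interval + capability info
    8: ("beacon", 12),
}
PROTECTED_FLAG = 0x40  # "Protected Frame" bit in the second frame-control byte


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt_frame(subtype: int, dst: bytes, src: bytes, bssid: bytes, ssid: bytes) -> bytes:
    """Build a constructed sample frame (no radiotap header, no FCS)."""
    # frame control (2 bytes), duration, addr1, addr2, addr3, sequence control = 24 bytes
    header = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dst, src, bssid, 0)
    fixed = bytes(SUBTYPES[subtype][1])
    ssid_ie = bytes([0, len(ssid)]) + ssid            # element id 0 = SSID
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # element id 1 = supported rates
    return header + fixed + ssid_ie + rates_ie


def parse_mgmt_frame(frame: bytes) -> dict:
    """Extract the fields every receiver in range can read from a management frame."""
    if len(frame) < 24:
        raise ValueError("too short for an 802.11 management header")
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a management subtype this example handles")
    name, fixed_len = SUBTYPES[subtype]
    ssid = None
    pos = 24 + fixed_len
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than read past the frame
        if tag == 0:
            ssid = value
            break
        pos += 2 + length
    # "SSID broadcast off" shows up as an empty or all-zero SSID element
    hidden = ssid is not None and (len(ssid) == 0 or not any(ssid))
    return {
        "kind": name,
        "protected": bool(flags & PROTECTED_FLAG),
        "dst": mac_str(frame[4:10]),
        "src": mac_str(frame[10:16]),
        "bssid": mac_str(frame[16:22]),
        "ssid": None if (ssid is None or hidden) else ssid.decode("utf-8", "replace"),
        "ssid_hidden": hidden,
    }


def passive_view(frames) -> dict:
    """Per BSSID: the SSID and client MACs visible to a receive-only listener."""
    learned = {}
    for raw in frames:
        f = parse_mgmt_frame(raw)
        entry = learned.setdefault(f["bssid"], {"ssid": None, "clients": set()})
        if f["ssid"]:
            entry["ssid"] = f["ssid"]
        if f["src"] != f["bssid"]:
            entry["clients"].add(f["src"])
    return learned


# Constructed sample data: locally administered MAC addresses, made-up SSID.
AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("0200000000aa")
BROADCAST = b"\xff" * 6
SAMPLE_FRAMES = [
    build_mgmt_frame(8, BROADCAST, AP, AP, b""),               # beacon, SSID broadcast off
    build_mgmt_frame(0, AP, CLIENT, AP, b"example-home-net"),  # allowed client joining
]

if __name__ == "__main__":
    for bssid, info in passive_view(SAMPLE_FRAMES).items():
        print(bssid, info["ssid"], sorted(info["clients"]))
```

The beacon carries an empty SSID, yet the client's own association request names the network and exposes a MAC address that the filter accepts, which is why neither setting counts as a control; only the choice of encryption and key does.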


  • Closed Accounts Posts: 11 dirtchamber


    How many hours left? !!


  • Closed Accounts Posts: 353 ✭✭BloodSugarSex


    i just spotted this thread, im shocked, the last four digits of my SSID were changed already but it was on WEP, ive just changed it to WPA, thanks everybody :)


  • Closed Accounts Posts: 9 lonewolf


    Sponge bob, please think before you do something you will regret. I thought long and hard about releasing my code, but came to the conclusion that it wouldn't benefit anyone. Think about it..
    • Paedophiles suddenly able to access all sorts of perverted material anonymously with someone else getting the blame. Laptop + Car + Exploit = Simple.
    • Huge phone bills for families/students/anyone caused by leechers maxing out their download limits.
    • Stolen credit card/banking details and identity theft by anyone with the skill and within Wifi range.
    • Stolen customer data from small businesses using the service. Imagine for instance a mortgage broker with a Netopia box.

    The damage, misery and financial cost of what you are about to do is unreal. Anyone with proper ethics would realise this and see past the 5 minutes of "I'm the guy who screwed Eircom over" fame crap.

    Grow up and get a conscience because if you let this bomb off, you will be responsible for all of the above. Sure its Eircom's fault for having the flaw in the first place, but this count down stuff is childish and with such a large company it would take time for them to respond. Just throwing the code into the wild won't fix anything.

    If you truly want to help, continue your discussion with them and see if you can work together to find a solution.


  • Registered Users, Registered Users 2 Posts: 8,367 ✭✭✭ongarite


    lonewolf wrote:
    Sponge bob, please think before you do something you will regret. I thought long and hard about releasing my code, but came to the conclusion that it wouldn't benefit anyone. Think about it..
    • Paedophiles suddenly able to access all sorts of perverted material anonymously with someone else getting the blame. Laptop + Car + Exploit = Simple.
    • Huge phone bills for families/students/anyone caused by leechers maxing out their download limits.
    • Stolen credit card/banking details and identity theft by anyone with the skill and within Wifi range.
    • Stolen customer data from small businesses using the service. Imagine for instance a mortgage broker with a Netopia box.

    The damage, misery and financial cost of what you are about to do is unreal. Anyone with proper ethics would realise this and see past the 5 minutes of "I'm the guy who screwed Eircom over" fame crap.

    Grow up and get a conscience because if you let this bomb off, you will be responsible for all of the above. Sure its Eircom's fault for having the flaw in the first place, but this count down stuff is childish and with such a large company it would take time for them to respond. Just throwing the code into the wild won't fix anything.

    If you truly want to help, continue your discussion with them and see if you can work together to find a solution.

    I disagree on a few counts.

    As you have already mentioned in previous posts, the WEP security that nearly all Eircom routers use can be easily discovered in 2 mins with well known and available tools. Releasing the code that Sponge Bob has is just going to make it a little easier to leech into somebody's router.
    Little or nobody has ever been charged for going over the DL limits with Eircom or resellers of Eircom DSL lines.
    If businesses are using WEP security knowingly then thats pretty stupid.

    Eircom are going to stay quiet and pretend / hope this never happened and that people like you will be too scared to release it.

    I say fair play to Sponge Bob for having the balls to go through with this.

    Its like MS Windows security patches, they're never fixed proactively, only retroactively when the flaw is out in the open and has to be patched.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    i agree with lonewolf on this one.

    the argument from those who want to know the details and say something like "please tell me, WEP is so easily broken anyway" is bogus - because owners of the routers might not actually be using wireless access provided by it in the first place.

    but lamers don't need to worry about that anyway.. since if they want the key, its no problem, Sponge Bob will help them by publishing the minor details of it & some code before giving eircom a chance to tell everyone through the proper channels.

    from what i understand, Sponge Bob has issues with eircom. And now that he's got something to upset them, he's gonna use it, regardless of the problems that will cause for the customers he pretends to care about.

    if he really was concerned about the customers, as lonewolf has already said, he'd just work out some kind of solution and allow eircom to respond.
    Its like MS Windows security patches, they're never fixed proactively, only retroactively when the flaw is out in the open and has to be patched.

    Microsoft have automatic updates, am i mistaken in saying there are none for these eircom routers?


  • Registered Users, Registered Users 2 Posts: 4,839 ✭✭✭Hobart


    This is like a very badly written version of War Games. Most people, tbh, would not know or do not care what a wep code is. By other people taking advantage of their wireless network, they will think they have a virus, d'internet is broke, etc....

    Releasing this will not bring the world to a stop, nor will it result in every house being hacked.

    At 12:01 today I'm hoping to have a program written that will allow me to farm multiple wireless routers (my neighbours actually) and give me a virtual upload and download speed of 10GB by 17:00 today. I will then switch off the internet at 18:00, unless muck decides to stop this folly.

    You have been warned! 10 and 1/2 hours to doomsday!!


  • Closed Accounts Posts: 11 dirtchamber


    I reckon it should be released so Eircom have to change the way they 'secure' their Wireless Routers.


  • Closed Accounts Posts: 113 ✭✭bartificer


    I'm going to chime in again against releasing the code.

    Yes, those with some good techie skillz can crack WEP trivially. But that's a pretty nerdy thing to do. Running a program is a pretty trivial thing to do. Run this, type the SSID, get the key. Just about anyone can manage that!

    So, although WEP provides no significant barrier to someone who knows what they are doing, it does deter casual would-be-leechers much more than a simple program would.

    Bart.


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    bartificer wrote:
    I'm going to chime in again against releasing the code.

    Yes, those with some good techie skillz can crack WEP trivially. But that's a pretty nerdy thing to do. Running a program is a pretty trivial thing to do. Run this, type the SSID, get the key. Just about anyone can manage that!

    So, although WEP provides no significant barrier to someone who knows what they are doing, it does deter casual would-be-leechers much more than a simple program would.

    Bart.

    Wrong. Those who have the ability to observe flash movies can crack WEP & WPA. There is nothing technical in setting up VMWARE and loading an iso. As pointed out earlier, it takes roughly 5 minutes to successfully crack most routers using WEP with the pen testing tools available on hand, give or take a few minutes on your typing skills. :P

    Eircom done the bad thing by using WEP in the first place, they _should_ have changed to WPA over due time but they didn't.

    Spongebob: Threatening to release damaging code in one week to an ISP that has shipped over "100k" of these modems is nothing more than a weak stab of obtaining fame. They can not fix anything in that amount of time.


  • Closed Accounts Posts: 4,858 ✭✭✭paulm17781


    lordlame wrote:
    Spongebob: Threatening to release damaging code in one week to an ISP that has shipped over "100k" of these modems is nothing more than a weak stab of obtaining fame. They can not fix anything in that amount of time.

    In his defense he only asked Eircom to notify customers, even in the media. So far they have done nothing.


  • Closed Accounts Posts: 113 ✭✭bartificer


    lordlame wrote:
    Wrong. Those who have the ability to observe flash movies can crack WEP & WPA. There is nothing technical in setting up VMWARE and loading an iso. As pointed out earlier, it takes roughly 5 minutes to successfully crack most routers using WEP with the pen testing tools available on hand, give or take a few minutes on your typing skills. :P

    I'd argue that running VMWare is a pretty nerdy thing to do compared to just running a program. The barrier to entry strikes me as being a lot lower if this code gets released than if it doesn't.

    Bart.


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭lynchie


    Eircom have been given notice of this issue. They have not acknowledged there is an issue so far nor will they do anything about it unless the issue is put in the spotlight. The only way to do that is to release the code. Otherwise they will sit on the arses doing feck all about this issue.


  • Registered Users, Registered Users 2 Posts: 1,183 ✭✭✭Antilles


    Eircom are interested exclusively in covering their own asses. If the code is not released, they will do nothing.

    Of course, knowing them as I do, even if the code is released, it is also quite possible that they will do nothing except issue a press release half-assedly advising people to upgrade security and then do nothing to improve things on their end.

    I honestly have never seen a company with such disregard for its customers. It is astounding. The staff all know how bad it is, but management do absolutely nothing to improve the situation. The information on Bart's blog was given to senior eircom management weeks ago, so Sponge Bob's threat is not the first they have heard of it, either.

    Mark my words - any action Eircom take will be to cover themselves legally, and nothing more. Any further movement would just be to the benefit of their customers, and that is something utterly unheard of with Eircom.


  • Closed Accounts Posts: 2,000 ✭✭✭fl4pj4ck


    lonewolf wrote:
    Paedophiles suddenly able to access all sorts of perverted material anonymously with someone else getting the blame. Laptop + Car + Exploit = Simple.


    have you heard about The Onion Routing?


  • Closed Accounts Posts: 9 lonewolf


    fl4pj4ck wrote:
    have you heard about The Onion Routing?

    Yes I have and that wasn't what I was getting at. I meant that if everyone had an easy "click click here's the wep key" program, anyone with basic computer experience could take advantage.


This discussion has been closed.