[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!
Andrew Guard
andrew at andrewguard.com
Sun Aug 13 13:58:25 UTC 2006
Steven Dobson wrote:
> On Sun, 2006-08-13 at 11:06 +0100, Nicholas Butler wrote:
>> So is it not therefore better to
>>
>> 1) switch off upnp configuration on all network devices.
>
> This is something you should do anyway.
Very true, upnp is total waste of time and never really worked.
>> 2) change the default passwords on your router
>
> Don't all the manuals that come with a router say to change the default
> passwords as the first part of configuing the device?
That not fair, now your giving away black hats best keep securities.
It would be better if routers where set up so that couldn't make an
connect throw the wan until you have change the password.
>> 3) err not use linksys ?
>
> Well the bug was found six months ago and Linksys was told of it then.
> If they are not going to fix bugs then all that can be done is to go
> public about the bug so we all know _not_ to use Linksys if we want
> security.
It easy to patch a Linksys not to use there software ie OpenWRT.
--
C.R.A.P. formally know as DRM
Cancellation, Restriction, and Punishment
http://www.p2pnet.net/story/8080
http://www.defectivebydesign.org/
More information about the Sussex
mailing list