Monday, November 14, 2005

A tip on security

Many people do it. Some for fun, some to harden their internal security, while many others do it for pure malice. Yessirree humanoids.. hackers. the scums of the internet. And it's not hard with today's ease of access. A quick search on any of your famous search engine unleashes a great wealth of tools one can use to create havock. They've made it so simple to hack, any regular joe can download many of the millions of tools available online to carry out the deed.

Many hackers are just plain "Script Kiddies"; in other words the guys who download free tools like trojans with cool hacker's console.. What they do is drop the lil' bugger in their friend's PC by faking it to look like some sort of flash game and the next thing you know, your CD-ROM drive open and closes by itself. All is good fun, until that picture of you stored in your PC, doing things with a ketchup bottle normal people don't do get's spread across the internet. Do feel like flushing your head down the toilet right about now?

Of course you got the good guys or "White hats" as their called, who master the art of hacking purely to strenghen their network and to educate people on internet / systems security.

Last but not least, the crapazoids of the nation "Black hats" who hack purely to gain beneficial returns to themselves and no one else. These are the people who steal your credit card information and go on a shopping spree online. For those of you who have been victim of such attacks, you probably think, 'yeah so that dude shopped with my credit card and the bank found out, called for verification, and im not going to have to pay for it.. so big deal!!'.. Wrong again bucko! Someone's gotta pay for it, either the merchant or the bank. Its cost to the company baby so it gets absorbed back into their budget one way or another.. Trust me, you'll be paying for it indirectly one way or another.. Like they say, what goes around comes around.

"Yeah Yeah, big deal! hack mah hack my lanciao pc lah.. got nothing of your interest oso what!"



Okie dokie, if that's what you say. Just a word of advise. Many hackers don't hack you to get information about your birthday party and dog's next manicure appointment. They do it to make you a "zombie", typically to use YOUR PC to ram a target. A good example, Distributed D.O.S. Attack. (Denial of Service). For all you know, the master hacker is using your PC (and probably a million other zombies machine) to ram the webserver of a prominent company in an effort to bring their server to a standstill. Now the last thing you need is the authorities knocking on your door and holding you liable for a crime you didn't commit!! Especially if you have a static public IP registered to your name, or your company.

The lesson of the day?

Today, just one lesson to get you started on the road to hardening your security; and probably the most basic of all.. Always change your passwords! Especially the darn default streamyx password and your router password! An example,

If you're using Streamyx and you got a ZXADSL 831 modem router from telekom, you can simply access the router configuration by keying in http://192.168.1.1 at your browser and logging in with the default login credentials:

username : ADSL
password : expert03

For a blackhat on the net, obtaining your public IP isn't that difficult. In other words i can access your router and change some configuration and the next thing you know, your service is down.

OR.

Blackhat gets your Streamyx user login credentials and register for TM Hotspot. You pay the bills while the hacker surfs full of glee at starbucks.

OR.

Blackhat accesses your streamyx web based mail and sends liable crap to people, in anyway you're in trouble if the intent is malice. Anyway, this is to name you a few crap that can cause you hellava lot of unnecessary trouble.

So always remember:
  1. If you got a broadband router, always change your default password.
  2. Try rebooting it a couple of times, update some configurations if you have too and then try logging in again. Some routers have been known to reset their logon credentials to default after configurations have been made. Patches or fixes can be obtained from the router vendor, so don't forget to patch it.

Anyway, maybe youre not able to rid the world of hackers, but at least you played your part in getting rid of the cyberpunks and script kiddie scums. There's only so much they can do before they give up, so play your part and happy surfing!

*** A Tech Talks community Service ***

5 Comments:

Blogger Acrix said...

Thanks for the reminder or advice :)

2:06 PM  
Blogger TechTalks said...

no problem man.. =)

9:01 AM  
Blogger shawnchin said...

Even corporate setups with branded hardware are vulnerable to default password attacks.

Furthermore, default passwords are just a google search away.

Here's and example of what is easily available: http://www.phenoelit.de/dpl/dpl.html


BTW, interesting site. Cheers.

8:19 AM  
Blogger cancelthisacct said...

Oh man!! Gotta change my router & modem password! Tell u, this TMNet people, really no security conscious la. By the way, good blog.

12:59 PM  
Blogger TechTalks said...

Shawn: Yup, you're so right on this. Many corporate setups do make the mistake of not changing their passwords esp. on the router. Thanks for the URL!! Will bookmark it for future reference.

callmejt: You're right on that buddy! TM has no security conscious, and they do not bother educating their subscribers on basic security...

Thanks for the comments you guys!

Cherios.

6:07 PM  

Post a Comment

<< Home