Security issues for routers
In a letter addressed to all its subscribers, the Be Broadband Blog has said that they have been informed of a possible security problem which could target the BE Box. The crux of the problem, according to the letter, was that it would enable someone else to change the settings on your router.
In an effort to protect everyone, including people who didn’t read this letter, they decided to update the password automatically for all their subscribers. The password will be unique to each subscriber and will be the individual serial number found on the bottom of the BE Box. A guide for changing the password afterwards is available on their website.
Be wanted to emphasise that the wireless key was not being modified, but it was the administrator web interface’s password that was being changed.
The script was run automatically on the 7th of September. Subscribers who didn’t want Be to do this could stop it by downloading and running the tool from their website.
For their more tech-savvy customers, a detailed explanation of the problem was given. They said that the BE Box was under threat from an XSS flaw working in tandem with a CSRF flaw, which enabled a remote attacker to carry out actions on the Web UI using JavaScript without the knowledge of the subscriber.
In the short term, this would be halted by setting the password to the serial number of the customer’s BE Box.
Once this has been done, if any unauthorized person attempts to hack your router, you will be asked to enter your Admin password. Do not enter it, or the attack will succeed. Do not enter your password when you are randomly asked for it.
Be said that they would be working with Thomson in the long run to improve the firmware’s resistance to these attacks.
Flaw compromises the security of O2 routers
The Guardian reports that anyone having a router provided by O2 might find that they are vulnerable to remote attacks, according to an O2 customer, who has repeatedly tried to get O2 to take notice of this problem.
The details are fairly complicated and depend on ‘cross-site request forgery’, something most of us (including myself) may never have heard of. This is a very serious issue and you should be worried. If you have an O2 router, you should reset the default password and ensure that O2 hasn’t changed it back, according to the O2 customer, Andrew Brown.
Nearly 457,000 of O2’s customers could be affected by this as nearly all of O2’s customers would be using the Wireless Box II or III, the only routers being offered by O2. Zen Broadband as well as Be responded to check whether the routers they provide are also affected by this problem.
According to Andrew Brown, O2 has supplied a remote update to the Wireless Boxes whereby their password is set to the serial number of the box. Though this will reduce the problem to some extent, it won’t get rid of it. The software release is still vulnerable to this problem.
Be Broadband had sent out a letter to its customers about this, including instructions for the tech-savvy, but the penultimate paragraph deserves particular attention. It says that a remote attack might lead to prompts for your router password. You should never comply with such a request unless you have initiated the process. Therefore, beware of this and be aware. It is great to see that Be is being precautionary about this. O2 seem to have been doing this very thing, which is why people find their admin passwords being changed suddenly.
Guernsey home broadband users to see speed increase
On the heels of an announcement that they will be reviewing the pricing of their packages, the popular ISP, Sure, announced that they would be providing high-speed broadband connections at a low cost to their home broadband users located in Guernsey.
Sure unveiled a new 8 Mbps broadband package this month which was priced at 17.99 monthly and Jersey Telecom had introduced the same for 27.99 pounds a month, which seems to have brought about this announcement.
Though Sure offers a 4 Mbps broadband package for 49.99 pounds and an 8 Mbps connection for 79.99 pounds a month for business customers, residential users in Guernsey have only been provided with a 2 Mbps service so far.
Currently home users do have the option of using this high-speed broadband package but, Sure says, business users are the ones who demand this package.
The marketing director of Sure, Paul Taylor, said that they had introduced the Sure Pro 4 & 8 Mbps packages before Jersey Telecom, but they had been priced for business users, which explains the demand for it. He continued by saying that they were investing 2 million pounds in expanding their network by utilizing street boxes so that they would be able to meet the increased demand for high speeds from their customers. They will be looking again at the offerings being provided and, due to legal obligations, will be consulting the other ISPs on the island. He expected to make a further announcement in this regard within a few months.
Sure said that they hoped to change their current 2 Mbps service in Guernsey just like the other internet providers.
Taylor also added that they were keen on supplying faster connections at a more competitive price to Guernsey, similar to the connection presently available in the UK.