Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Security Blog Catchup! SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Security Blog Catchup!

With the consumer expansion of the Internet being driven by broadband access, the take up of ADSL and Cable services has been dramatic. This has had a side affect that a the majority of the spam, DDoS and fraud activities such as click-fraud are run from systems on the remote end of a broadband connection.

A month ago, the people over at GnuCitizen and the Hackers Webzine published a challenge to find out how (in)secure the routers many people use to connect to the Internet are. Well the judges have broken up from their huddle and the votes counted. The results are in, and you can catch them here, and here.

To make things more interesting, and you can see where GnuCitizen is going with this one, they have also posted a blog entry on the lack of security of many Internet connected systems which have SNMP available to the Internet.

Operating system vendors over the past decade have made considerable headway in making their systems more secure out of the box. Its better, but they have a long way to go, but network device vendors need to realise that just putting username and password authentication on a device, and turning off remote admin access from the Internet is just not enough.

Stephen

89 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!