SECUR> Sprint DSL's Gaping Security Hole
- From: Gleason Sackmann <gleason@xxxxxxxxxxxxxxx>
- To: NetHappenings <nethappenings@xxxxxxxxxxxxx>
- Date: Fri, 24 Jan 2003 07:48:07 -0600
**************************************************************
Net Happenings - From Educational CyberPlayGround
**************************************************************
Sprint DSL's Gaping Security Hole
Subscribers to Sprint's FastConnect broadband service could have their
email addresses and passwords stolen. The ZyXel Communications DSL modems
Sprint gives its customers has remote access administration software
protected by a default password "1234". An attacker can use the default to
gain access to information stored on the modem, such as passwords. Users
who have not changed the default are vulnerable, even while the computer is
turned off, since the modem often remains active. A scan of a sample of
Sprint DSL modems revealed that 90% of the sample hadn't changed the
password. Sprint advises changing the password, and will post instructions
on their website for disabling the remote administration feature.
http://www.wired.com/news/infostructure/0,1377,57342,00.html
**************************************************************
The Net Happenings mailing list is a service of
Educational CyberPlayGround - http://www.edu-cyberpg.com/
**************************************************************
Linking and Announcements For Net Happenings are provided
by http://www.EricWard.com and http://www.URLwire.com
**************************************************************
If you have any questions, concerns, suggestions, or
would like to sponsor the Net Happenings service -
<http://www.edu-cyberpg.com/Community/Subguidelines.html>
Subscribe | Unsubscribe | Change Email Preferences -
<http://www.edu-cyberpg.com/Community/NetHappenings.html>
**************************************************************
Other related posts:
- » SECUR> Sprint DSL's Gaping Security Hole