Do you have D-Link router ? If so, stop using it - You're not safe

[Digital Doctor]

Cause if it is, I never said it was via wifi. This exploit would be via lan or internet

LAN

 

[mistypants]

Not broadcasting the ssid does nothing really unless you are talking about the cases where people don't change the default password and someone is being a nosey pest as someone who knows what they are doing is going to see your bssid, the channel you use and eventually your essid no matter what you do...and then to a slightly skilled person the MAC filter is useless as well as a couple of pings, a handshake or two and someone can just borrow a whilelisted MAC addy already on your network and then gain access using your passphrase or key which they can get in plain text with relative ease if they have already done any of this.

Either way, even if someone doesn't do any of that...if your router has a vulnerability such as accepting random requests for plain text config files it doesn't really matter what settings you set.

The odd thing is when someones network gets hacked...it is highly probable that the only reason that they were able to gain access to the wireless network in the first place is because the router was communicating with client over air.

Wireless networks are weak sauce in general.

Oh definitely. If you can avoid using wireless, you should. But the precautions I mentioned are really for the average home user, obviously if you're in a business environment (or at least, a sensitive environment) then you really need to up your precautions (through things like just using wired, proper subnetting, encrypting all traffic, etc.).

 

[Adam Howard]

LAN

You're good

 

[TPerry]

Then you're lucky not to have one of the affected models.

edit: Wait.... Is that the wifi screen? Cause if it is, I never said it was via wifi. This exploit would be via lan or internet

Just tried it via my IP to my D-Link at the (that I just plugged in to test). No joy... but guess that is due to the fact that I have port 80 routing to my server instead.

 

[vietsui]

I'm very happy with my Linksys )

 

[Adam Howard]

Just tried it via my IP to my D-Link at the (that I just plugged in to test). No joy... but guess that is due to the fact that I have port 80 routing to my server instead.

http://xenforo.com/community/thread...ter-if-so-stop-using-it-youre-not-safe.61738/

See post #1

With D-Link it only seems to be with those model's listed (by model number). And your browser's user agent string is set to xmlset_roodkcableoj28840ybtide

You will not need a user name or password, you'll be automatically logged in.

 

[ManagerJosh]

To be fair, all the major router manufacturers have gotten pretty careless recently. You name it, they probably have something that's just waiting to be exploited.

The problem lies in the fact too many schools, academies, etc. teach code and how to make it operational. They always forget to make the code resilient and secure.

 

[EQnoble]

To be fair, all the major router manufacturers have gotten pretty careless recently. You name it, they probably have something that's just waiting to be exploited.

I have pretty much come to a similar conclusion, all consumer level network hardware seems to be crap now a days.

The problem lies in the fact too many schools, academies, etc. teach code and how to make it operational. They always forget to make the code resilient and secure.

Great...there goes my plan of trying to find a school to officially teach me to program. Guess I'll go back to grunt work.

 

[ManagerJosh]

Great...there goes my plan of trying to find a school to officially teach me to program. Guess I'll go back to grunt work.

There is nothing wrong with learning programming. Just understand that many schools teach it is more important that your code works rather than your code works and is secure.