wazua Tue, Nov 12, 2024
Unprofessional ISPs
kalenjinherdsboy
#21 Posted : Monday, January 05, 2015 7:22:57 PM
Rank: New-farer


Joined: 1/3/2015
Posts: 86
Location: Bomet
geofreygachie wrote:

Anyway, with one having access to your router, traffic (think all credentials, business emails and conversation) can be redirected to a rogue DNS server and within no time your email account is not accessible, your PC is infected with a keylogger that notes every stroke of the keyboard. Endless possibilities.


Come on now, it's much easier to securely configure your computer than the network.

Will you configure the network when reading mail on public wifi? What about when you need to access financial services?

Networks as they exist currently are insecure by default.
Jus Blazin
#22 Posted : Monday, January 05, 2015 7:24:09 PM
Rank: Elder


Joined: 10/23/2008
Posts: 3,966
geofreygachie wrote:
Jus Blazin wrote:
I am trying to understand what you are talking about. Your posts are very vague. What do you mean unprofessional ISP? What if I gave you my IP address and you exploited me? Please post your claims/suspicions here in non-IT English please. That way, many Zuku users will understand what you are on.

For a long time now Zuku and their subcontractors (e.g. Kenyacam) have been setting up clients and not advising them on how to secure their (clients') network, i.e. by setting up SSID or WIFI security. Some clients have managed to change this SSID or WIFI to suit them and be more secure. This however is just one part of basic security. Most of the routers have an option for remote access, meaning that if I have the IP address assigned by Zuku I can go ahead and access the device from any location; since most of them have the default username and password it's quite easy to log in. This backdoor access mostly affects Cisco EPC2425 router/gateway for those on the old Zuku network and Huawei HG8245 which are being used on the new Fiber network.
By someone having access to your router, a number of things can happen, e.g. change the DNS server in a way that all your traffic will go through a specific server and hence information from your router can be harvested; this includes your logins and passwords and this is for everyone connected to the router.
Or petty people would change the password to your router and wifi, locking you out, though a router reset would resolve this.
I have contacted Zuku regarding this problem of default credentials but they have not responded. I have so far been able to test and verify my claim with close to fifty routers on Zuku network, specifically Huawei HG8245. I am however sceptical on displaying someone's IP address because I don't have control of what will happen after that. I am posting this to help resolve this and not to be a source of pain and misery.

So if I'm able to change my SSID and password, which anyone can through the browser through website 192.168.0.1 (which I found out through google with username: admin, password: password), does that mean I'm more secure than those with default credentials? Coz this IT world is a jargon to be precise. Most of us may not understand the underlying.
Luck is when Preparation meets Opportunity. ~ Lucius Annaeus Seneca
holycow
#23 Posted : Monday, January 05, 2015 7:40:23 PM
Rank: Veteran


Joined: 11/11/2006
Posts: 971
Location: Home
Let me call your bluff. Here we go. I got Zuku Fibre, my router is pretty old, actually, a Cisco EPC2425. Well, send me mail on holycowazua@gmail.com so that I can give you my IP address. Just a quick one, which IP do you need? I seem to have different ones. The one from "whats my IP" is in the range of 154.70.xxx.xxx while the one from router DHCP is 10.224.xxx.xxx.
nakujua
#24 Posted : Monday, January 05, 2015 9:29:47 PM
Rank: Elder


Joined: 12/17/2009
Posts: 3,583
Location: Kenya
geofreygachie wrote:
nakujua wrote:
I think the ISP knows what you term as an exploit, but what's the worst that can happen to a user who happens to have the default credentials on the router?

I don't see cause for alarm, it's like standing on the road there at Athi River, pulling out a pair of binoculars, then looking through them and you see that gated estate there and then claiming you have found a security exploit, since a thief can do the same. :)


What if using the binoculars you note that the gate and main door to House No X has a faulty padlock which is pulled to unlock and pushed to lock, just that. Think about that. Endless possibilities.
Anyway, with one having access to your router, traffic (think all credentials, business emails and conversation) can be redirected to a rogue DNS server and within no time your email account is not accessible, your PC is infected with a keylogger that notes every stroke of the keyboard. Endless possibilities.

My point is it's not necessary, trying to secure the road.
No way a keylogger can be installed via a router, and unless your business mail is run by a crook - I would expect the minimum for the tunnel to be encrypted.
nakujua
#25 Posted : Monday, January 05, 2015 9:34:47 PM
Rank: Elder


Joined: 12/17/2009
Posts: 3,583
Location: Kenya
kalenjinherdsboy wrote:
geofreygachie wrote:

Anyway, with one having access to your router, traffic (think all credentials, business emails and conversation) can be redirected to a rogue DNS server and within no time your email account is not accessible, your PC is infected with a keylogger that notes every stroke of the keyboard. Endless possibilities.


Come on now, it's much easier to securely configure your computer than the network.

Will you configure the network when reading mail on public wifi? What about when you need to access financial services?

Networks as they exist currently are insecure by default.

How is this guy taking people for a ride? He just wants to alarm guys - supposedly installing a keylogger via a router.
nakujua
#26 Posted : Monday, January 05, 2015 9:40:42 PM
Rank: Elder


Joined: 12/17/2009
Posts: 3,583
Location: Kenya
holycow wrote:
Let me call your bluff. Here we go. I got Zuku Fibre, my router is pretty old, actually, a Cisco EPC2425. Well, send me mail on holycowazua@gmail.com so that I can give you my IP address. Just a quick one, which IP do you need? I seem to have different ones. The one from "whats my IP" is in the range of 154.70.xxx.xxx while the one from router DHCP is 10.224.xxx.xxx.

I think he needs the 154.70... one
holycow
#27 Posted : Tuesday, January 06, 2015 2:41:40 PM
Rank: Veteran


Joined: 11/11/2006
Posts: 971
Location: Home
This guy has a point, those on Zuku, better take him seriously. Well, I'll furnish him all the details when I get home to complete the test. So far, what he has shared with me is scary. This guy knows his stuff.
nakujua
#28 Posted : Tuesday, January 06, 2015 4:32:57 PM
Rank: Elder


Joined: 12/17/2009
Posts: 3,583
Location: Kenya
holycow wrote:
This guy has a point, those on Zuku, better take him seriously. Well, I'll furnish him all the details when I get home to complete the test. So far, what he has shared with me is scary. This guy knows his stuff.

If you are not comfortable sharing the details he gave you here, just make sure you cross check the info with 1 or 2 more IT guys before committing - he might be luring you into a trap.
But if the alarm is for what he mentioned, i.e. installing a keylogger or getting your email password - do not worry, that will not happen through your router - you can change the credentials to feel safe. But if he is asking for more details - please keep off, unless you know him/her.
holycow
#29 Posted : Tuesday, January 06, 2015 4:37:20 PM
Rank: Veteran


Joined: 11/11/2006
Posts: 971
Location: Home
nakujua wrote:
holycow wrote:
This guy has a point, those on Zuku, better take him seriously. Well, I'll furnish him all the details when I get home to complete the test. So far, what he has shared with me is scary. This guy knows his stuff.

If you are not comfortable sharing the details he gave you here, just make sure you cross check the info with 1 or 2 more IT guys before committing - he might be luring you into a trap.


Nope, he shared the idea with me. I have put it to test on other innocent Kenyans (I did not tamper with anyone, just peeped and left). Let's just say, the techies at Zuku are very very careless or assuming a lot.
Museveni
#30 Posted : Tuesday, January 06, 2015 4:59:07 PM
Rank: Member


Joined: 8/16/2012
Posts: 660
Information is always available online surely.

If one decides to do research on their own it might end up a successful business opportunity.

But to raise alarm may not be that necessary.

e.g. going by the already public info [already posted here], Zuku's block IPs available here can be penetration tested by anyone.

Remember though:
socallinuxexpo.org wrote:
While it is fun to learn how to hack, sometimes it's tough to practice your skills without breaking any laws. It turns out if you have any consumer devices on your local network, you already have everything you need to practice penetration testing...
Live and learn; and don’t forget, nothing ventured, nothing gained.
madhaquer
#31 Posted : Tuesday, January 06, 2015 5:27:37 PM
Rank: Member


Joined: 11/10/2010
Posts: 281
Location: Nairobi
The dns redirect exploit that Geofrey is describing is just a phishing hack. Most antivirus software can detect and block faked websites and malicious code being injected by such a site. The probability of losing information in such a case is not Zero, but a phishing hack requires more than an insecure router to work. It requires the computers and other devices to be exploitable too.

Not to sound apologetic for the isp but the user is responsible for their own security when on the Internet and ensuring that the device hosting your sensitive information is properly secured has nothing to do with the ISP.
nakujua
#32 Posted : Tuesday, January 06, 2015 6:33:36 PM
Rank: Elder


Joined: 12/17/2009
Posts: 3,583
Location: Kenya
holycow wrote:
nakujua wrote:
holycow wrote:
This guy has a point, those on Zuku, better take him seriously. Well, I'll furnish him all the details when I get home to complete the test. So far, what he has shared with me is scary. This guy knows his stuff.

If you are not comfortable sharing the details he gave you here, just make sure you cross check the info with 1 or 2 more IT guys before committing - he might be luring you into a trap.


Nope, he shared the idea with me. I have put it to test on other innocent Kenyans (I did not tamper with anyone, just peeped and left). Let's just say, the techies at Zuku are very very careless or assuming a lot.

Well, I am just groping in the dark, but as has been mentioned, just because one can view a gate does not mean the police or guards are careless or assuming. I have no idea what the guy shared and whatever you managed to peep, but accusing the Zuku guys while not sharing what you have found out is a bit biased.

But I repeat if what the guy has mentioned as the exploit is the case, then I don't think it's the fault of Zuku - and there is no need for alarm.
nakujua
#33 Posted : Tuesday, January 06, 2015 6:55:56 PM
Rank: Elder


Joined: 12/17/2009
Posts: 3,583
Location: Kenya
madhaquer wrote:
The dns redirect exploit that Geofrey is describing is just a phishing hack. Most antivirus software can detect and block faked websites and malicious code being injected by such a site. The probability of losing information in such a case is not Zero, but a phishing hack requires more than an insecure router to work. It requires the computers and other devices to be exploitable too.

Not to sound apologetic for the isp but the user is responsible for their own security when on the Internet and ensuring that the device hosting your sensitive information is properly secured has nothing to do with the ISP.

True, I might be wrong but I don't think it's the fault of Zuku in this particular instance, of course it's good practice to secure your router - but I reckon that's the responsibility of the user, after all the thing comes with a manual.
but the alarm is not necessary, unless one is running servers behind the router.
Ash Ock
#34 Posted : Tuesday, January 06, 2015 7:04:43 PM
Rank: Member


Joined: 8/27/2010
Posts: 495
Location: Nairobi
Quote:
You might not realize you have an Internet address that’s as well-defined as your street address. To see your own public IP address, surf to whatismyip.com. Your address will be displayed in big bold letters and will look something like this: 101.75.75.101. In most cases, this public address leads straight to your router, which as its name implies, routes all data traffic between your networked computers, tablets, smartphones, webcams, and to and from the outside world.

If someone gains control of your router, you’re in for a rough time. They can open and redirect any sort of traffic anywhere they want. The havoc they wreak can also ruin a whole lot of other people’s days with what’s relayed through your equipment.


Quote:
Most routers and many NAS devices come with well-documented default login IDs and passwords (“admin” and “password,” for instance). These devices typically have installation wizards that prompt the user to change them before the device is connected to the Internet. But for one reason or another, that step is sometimes skipped and the password is never changed. Other times, the password is updated, but at some point down the line, the user performs a hard reset. This common troubleshooting step often restores the old, weak password without the user's knowledge.

Enabling UPnP on older firmware—a step that most router manufacturers recommend, because doing so simplifies configuration—can expose connectivity to FTP and SMB servers running on the router, enabling any Internet snoop to access every file on an attached storage device. An anonymous group recently posted a list of several hundred IP addresses assigned to vulnerable Asus routers.

You can’t afford to wait for the industry to wake up. Take action now to lock down your router, your NAS device, your IP cameras, and every other device on your network that’s exposed to the Internet. Unless you want people stealing your bandwidth; your private photos, documents, and movies; and watching whatever your cameras are focused on.


Source
Sent from my Black Nokia 3310
geofreygachie
#35 Posted : Tuesday, January 06, 2015 8:29:40 PM
Rank: Member


Joined: 2/27/2014
Posts: 454
Location: Republic of Enchantment.
nakujua wrote:
madhaquer wrote:
The dns redirect exploit that Geofrey is describing is just a phishing hack. Most antivirus software can detect and block faked websites and malicious code being injected by such a site. The probability of losing information in such a case is not Zero, but a phishing hack requires more than an insecure router to work. It requires the computers and other devices to be exploitable too.

Not to sound apologetic for the isp but the user is responsible for their own security when on the Internet and ensuring that the device hosting your sensitive information is properly secured has nothing to do with the ISP.

True, I might be wrong but I don't think it's the fault of Zuku in this particular instance, of course it's good practice to secure your router - but I reckon that's the responsibility of the user, after all the thing comes with a manual.
but the alarm is not necessary, unless one is running servers behind the router.

At last I got a call at around 4:30 pm and Zuku is coming to its senses now. They now understand the magnitude of the problem, it is affecting many people. If you have a Zuku router make sure the remote login credentials are changed from factory defaults. I have thoroughly tested this for close to a year on Cisco EPC2425 and the last 2 months on Huawei Echolife fiber router. I don't intend to panic, all I want is to share the little knowledge that I have on IT.
Divers - can you laugh in scuba gear, or will you drown? I was wondering. - James May.
holycow
#36 Posted : Tuesday, January 06, 2015 8:42:50 PM
Rank: Veteran


Joined: 11/11/2006
Posts: 971
Location: Home
Yes, I did log in to many routers using the default password. Worst bit, I could actually see the computers connected to the router, I was even able to see wireless passwords. Had I wished, would have messed around with the password. Well, I am not an IT person but I guess it's possible to play around with the ports and do whatever you want. In some of the routers, the wireless networks were not even secured.
geofreygachie
#37 Posted : Tuesday, January 06, 2015 8:44:18 PM
Rank: Member


Joined: 2/27/2014
Posts: 454
Location: Republic of Enchantment.
nakujua wrote:
holycow wrote:
This guy has a point, those on Zuku, better take him seriously. Well, I'll furnish him all the details when I get home to complete the test. So far, what he has shared with me is scary. This guy knows his stuff.

If you are not comfortable sharing the details he gave you here, just make sure you cross check the info with 1 or 2 more IT guys before committing - he might be luring you into a trap.
But if the alarm is for what he mentioned, i.e. installing a keylogger or getting your email password - do not worry, that will not happen through your router - you can change the credentials to feel safe. But if he is asking for more details - please keep off, unless you know him/her.

I would never ask for personal information. I am here to share knowledge with no hidden agenda.
Divers - can you laugh in scuba gear, or will you drown? I was wondering. - James May.
vky
#38 Posted : Tuesday, January 06, 2015 8:48:42 PM
Rank: Member


Joined: 6/17/2010
Posts: 572
Ash Ock wrote:
Quote:
You might not realize you have an Internet address that’s as well-defined as your street address. To see your own public IP address, surf to whatismyip.com. Your address will be displayed in big bold letters and will look something like this: 101.75.75.101. In most cases, this public address leads straight to your router, which as its name implies, routes all data traffic between your networked computers, tablets, smartphones, webcams, and to and from the outside world.

If someone gains control of your router, you’re in for a rough time. They can open and redirect any sort of traffic anywhere they want. The havoc they wreak can also ruin a whole lot of other people’s days with what’s relayed through your equipment.


Quote:
Most routers and many NAS devices come with well-documented default login IDs and passwords (“admin” and “password,” for instance). These devices typically have installation wizards that prompt the user to change them before the device is connected to the Internet. But for one reason or another, that step is sometimes skipped and the password is never changed. Other times, the password is updated, but at some point down the line, the user performs a hard reset. This common troubleshooting step often restores the old, weak password without the user's knowledge.

Enabling UPnP on older firmware—a step that most router manufacturers recommend, because doing so simplifies configuration—can expose connectivity to FTP and SMB servers running on the router, enabling any Internet snoop to access every file on an attached storage device. An anonymous group recently posted a list of several hundred IP addresses assigned to vulnerable Asus routers.

You can’t afford to wait for the industry to wake up. Take action now to lock down your router, your NAS device, your IP cameras, and every other device on your network that’s exposed to the Internet. Unless you want people stealing your bandwidth; your private photos, documents, and movies; and watching whatever your cameras are focused on.


Source


Thanks for this info, just checked my router and behind it I found a sticker with the user id as admin and the password as password, keyed this into the Zuku portal and logged on and changed the password and enabled firewall settings.
I now get @geofreygachie's concerns because when the techs came to install the connection they never advised me to log in using the default settings and change my password, all they did was to tell me to key in a wifi network name and password and they left, by luck my financial and personal data haven't been compromised all that time the router was on default settings.
Zuku, fooking step up and advise customers better!
'One headache for famous medieval holy people was that someone might murder you to acquire your body parts for the relics trade'
Uhondo
#39 Posted : Tuesday, January 06, 2015 9:01:57 PM
Rank: New-farer


Joined: 8/26/2014
Posts: 63
Changing default passwords is one of the basic steps that must be taken to secure a network. Zuku, if they aren't doing it, wouldn't be the first to ignore this procedure. War drivers have accessed airport lobbies (in developed countries mind you) and logged in to wireless access points using default username/password combinations. What I have realized lately is that ISPs are hiring - mostly outsourcing - poorly trained technicians to manage devices. At this point it's actually up to the users themselves to secure their devices. The Chinese aren't sleeping for your information, they actively scan and try to brute force poorly configured devices. A simple change of the default username and password is an effective countermeasure to this security risk.
geofreygachie
#40 Posted : Tuesday, January 06, 2015 9:20:07 PM
Rank: Member


Joined: 2/27/2014
Posts: 454
Location: Republic of Enchantment.
Uhondo wrote:
Changing default passwords is one of the basic steps that must be taken to secure a network. Zuku, if they aren't doing it, wouldn't be the first to ignore this procedure. War drivers have accessed airport lobbies (in developed countries mind you) and logged in to wireless access points using default username/password combinations. What I have realized lately is that ISPs are hiring - mostly outsourcing - poorly trained technicians to manage devices. At this point it's actually up to the users themselves to secure their devices. The Chinese aren't sleeping for your information, they actively scan and try to brute force poorly configured devices. A simple change of the default username and password is an effective countermeasure to this security risk.

Just visit www.shodan.io and you will be surprised to find that thousands of devices ranging from DVRs, routers, NAS are accessible with default credentials; all you need to know is the make & model and google for default username and password. Voila, you are in. Hardware manufacturers offer no bug fixes for faulty software, which tends to give hackers an easy time. If anyone needs a fix for buggy firmware try DD-WRT flavours, which are free, Linux based and very secure, and the good thing is that you use your existing hardware to implement a robust and secure network using consumer grade hardware running enterprise rated software/firmware.
Divers - can you laugh in scuba gear, or will you drown? I was wondering. - James May.
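The router DNS redirection debated in this thread can be checked for from a client machine. The following is an added example, not part of any post: it classifies the resolvers a machine was handed and flags names whose answers from the local resolver share nothing with answers from a resolver you trust. The trusted-resolver list, the sample `resolv.conf` and the answer sets are constructed assumptions; in practice the answers would be collected separately (for instance with `dig`) and passed in.

```python
import ipaddress

# RFC 1918 ranges: a resolver here is normally the home router forwarding DNS.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: public resolvers the user has chosen to trust (add your ISP's).
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}


def parse_nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines, skipping comments and junk."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed address, ignore the line
    return servers


def classify_resolver(addr, trusted=TRUSTED_RESOLVERS):
    """Label one resolver address by where DNS queries sent to it end up."""
    if addr.is_loopback:
        return "local-stub"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        # The router answers; its own upstream DNS setting must be checked
        # on the router's admin page, since the client cannot see it.
        return "router-forwarder"
    if str(addr) in trusted:
        return "trusted"
    return "unexpected"


def disjoint_answers(local, reference):
    """Names whose local answers share no address with the reference answers.

    CDNs legitimately return different addresses per resolver, so a hit is a
    lead to investigate, not proof of tampering.
    """
    flagged = {}
    for name, ref_ips in reference.items():
        got = local.get(name, set())
        if got and got.isdisjoint(ref_ips):
            flagged[name] = sorted(got)
    return flagged


def audit(resolv_conf_text, local, reference):
    resolvers = {str(a): classify_resolver(a)
                 for a in parse_nameservers(resolv_conf_text)}
    return {
        "resolvers": resolvers,
        "unexpected_resolvers": sorted(ip for ip, kind in resolvers.items()
                                       if kind == "unexpected"),
        "mismatched_names": disjoint_answers(local, reference),
    }


# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_RESOLV_CONF = """\
# handed out by the router over DHCP
nameserver 192.168.0.1
nameserver 198.51.100.53
search lan
"""
SAMPLE_LOCAL = {"mail.example.com": {"203.0.113.66"},
                "bank.example.com": {"192.0.2.20"}}
SAMPLE_REFERENCE = {"mail.example.com": {"192.0.2.10", "192.0.2.11"},
                    "bank.example.com": {"192.0.2.20"}}

if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF, SAMPLE_LOCAL, SAMPLE_REFERENCE))
```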