Tech & Science How To Address Security Bugs In Your Old Router

21:25  06 december  2019
21:25  06 december  2019 Source:   lifehacker.com.au

The System For American .gov Domains Is An Open Target For Fraudsters

  The System For American .gov Domains Is An Open Target For Fraudsters You’d think it would be hard to talk the U.S. government into giving you some random town’s .gov email address. You’d hope the process would be rigorous. But as one hacker explained to security researcher Brian Krebs, securing a U.S. government-endorsed top-level domain is actually frighteningly easy. Calling this guy a hacker might even be a stretch. As he explained the process to Krebs, the source simply completed a form with a fake phone number and email address and then forged a document with a town’s letterhead before securing the “exeterri.gov” domain name for Exeter, Rhode Island.

Photo: <a href= © Provided by Lifehacker Australia Photo: Shutterstock" out-link" src="https://www.shutterstock.com/image-photo/new-black-wifi-router-two-antennas-69688978?src=a952945d-4744-4d31-aece-ba0548209d5b-1-14">Shutterstock">

If an attacker manages to access your D-Link router’s login screen, and your router is old enough, it’s possible that they can take control of the router, inject it with code, and use it to attack other connected systems and devices. And the best part? D-Link is fully aware of these issues, but it isn’t planning to fix the affected routers because they are too old.

It’s a common issue in the world of wireless networking. And while D-Link provides us with the latest example, unpatched vulnerabilities in older routers can affect devices from any manufacturer.

When it comes to Wi-Fi routers, ease of use is king

  When it comes to Wi-Fi routers, ease of use is king I had planned to test three brands of mesh Wi-Fi with my new NBN connection, but after setting up Google's I don't want to switch.As I had to change internet providers, it was a good time to test the latest home networking products available. For context, I'm currently living in a single story double brick dwelling, just oddly shaped enough that a standard router would struggle, so using a mesh networking solution was key.

As for D-Link’s issue, which we were alerted to by ThreatPost, the vulnerability applies to any of the following D-Link routers:

  • DIR-866

  • DIR-655

  • DIR-1565

  • DIR-652

  • DAP-1533

  • DGL-5500

  • DIR-130

  • DIR-330

  • DIR-615

  • DIR-825

  • DIR-835

  • DIR-855L

  • DIR-862

Your router is vulnerable. Now what?

Are these kind of announcements scary enough that you should break open the piggy bank and use your vacation fund to buy a new router? I’m on the fence about that.

If you’re still using an antiquated wireless-n router, like D-Link’s DIR-615, it’s probably time to upgrade to something more modern. You can get a great wireless-ac router for under $US60 ($88), which should give most new smartphones and laptops you have an even stronger wireless connection. (That might not matter much in your everyday life if you’re paying for slow internet speeds, but at least you’ll be able to have a solid browsing experience at a potentially longer range.)

Elton John slams security guard

  Elton John slams security guard Sir Elton John branded security guards at his own concert "turds" and told them to "f**k off" in a foul-mouthed tirade when he saw them trying to escort a woman out of the venue.The 72-year-old singer kicked off the Australian leg of his 'Farewell Yellow Brick Road' tour at Perth's HBF Park Stadium on Saturday (30.12.19) and was infuriated when he saw two members of venue staff trying to eject a woman from the show.

I recommend buying a new router that’s fairly new, too, to ensure that its manufacturer will continue to support it for the next few years. To help you make an informed decision, research a manufacturer’s end-of-life policies if they make those available (like D-Link, for example). This is important, since you don’t want to be in the same boat again—dealing with vulnerabilities a company won’t patch—because you “upgraded” to an older router

But I don’t want to buy a new router

If your older router isn’t giving you any grief, and you find that your wireless connection is everything you need for where you live, the best way to stay secure is to make sure you’re using the latest firmware you can find for your router. You might even consider a third-party firmware like DD-WRT or OpenWrt, if these can plug any security holes your manufacturer refuses to fix.

You’re also going to want to make sure that your router’s web-based administration screen, if it has one, is protected with a strong password—one that you don’t use with other services. And I can’t stress this enough: Turn off remote management on your router. Not all routers have this feature, and it’s not usually enabled by default if they do, but you shouldn’t be using it, period.

How To Make Your New Smart TV As Secure As Possible

  How To Make Your New Smart TV As Secure As Possible Lots of people buy TVs on Black Friday and Cyber Monday, but there’s a lot you’ll want to consider when setting up a smart TV—more than just plugging everything in. As with any internet-based product, smart TVs are vulnerable to hacking and security exploits. A hacked TV might sound like something you’d find on your favourite crime drama, but it’s a very real possibility. In fact, even the FBI has stepped in to warn customers about the potential dangers smart TVs pose, as pointed out in a recent Inc.com column.

a screenshot of a cell phone: Screenshot: <a href= © Provided by Lifehacker Australia Screenshot: D-Link" out-link" src="https://eu.dlink.com/uk/en/support/faq/routers/wireless-routers/dir-series/dir-878/how-do-i-enable-remote-management-for-my-router">D-Link">

Similarly, if your router uses UPNP, lets you access it from afar via SSH, or has some kind of built-in FTP server, you should probably turn those services off, too. WPS, too, as well as any kind of cloud-based management. And make sure you’re using WPA2 encryption for your wifi password. If you’re still using WEP, or your router doesn’t even offer WPA2, it’s time to change that (or upgrade).

Beyond that, make sure you’re practicing common sense while you navigate the web. I doubt you’ll encounter code that exploits your router’s vulnerability while you’re chatting with friends on Facebook, but maybe spending your time hunting sketchy sites to find hacked games or applications isn’t a great idea. Keep your connected devices’ firmware, software, and virus/malware scanning updated, too, just in case—but that should be something you’re doing anyway, vulnerable router or not.

Remember, you can probably turn your old router into an access point and get even better wifi coverage throughout your house, so it’s not like buying a new router means your old router is going to the great recycling pile in the sky. Even if you don’t need or want to set up a secondary access point, it never hurts to have a backup for when a new router dies unexpectedly.

Jetstar workers to walk off the job over Christmas period .
Travel plans over Christmas may be thrown into chaos this year, after Jetstar employees voted in favour of industrial action. Baggage handlers and ground crew will walk off the job over their work hours and wages after the company "rejected basic demands"."(This includes) 30 guaranteed hours of work per week and increases to current wages, which are among the lowest rates in the industry," the Transport Workers Union said.

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!