[xcamel]

this isn't good...

[doc1019]

Considering that Cisco is the Internet … you are right, this is not good.

[flashbunny]

somebody call al gore, quick!

[sigSEGV]

Hype from a "security" company. This is hardly anything new. Anybody running an HTTP interface on their router with a default password is probably already hacked anyway.

[Sender]

Speaking of Cisco/Linksys routers, what could cause a new router to repeatedly drop the DSL connection about every minute? It connects, authenticates, lets me view a couple of web pages then DSL link fails. I also get a brief popup in Windows "a network cable is unplugged". Then it reconnects. Over and over.

I got new network cables, tried all sorts of config settings, can't get it to stay online. Everything works fine without the router. My ISP and Linksys tech support were not so good. ISP said "not us, call Linksys" and Linksys said "gee, I dunno, maybe it's a bad router."

[2 Kool 2 Be 4-Gotten]

...and switch to the device's serial number. "This value, which is unique to each individual router, would comprise a very secure and unpredictable password," the report stated.

If the "serial number" is really what its name implies i.e. a number that increases serially with each product shoved out the door, then it can't be all that secure, as it's a monotonic increasing series.

[bmwcyle]

This sucks.

[Redcloak]

this isn't good...

It's neither good nor bad; it's just another example of the stupid getting the abuse they so richly deserve. I've bought plenty of Cisco products, like the new Linksys router right in front of me. Right there in the instructions it tells you to CHANGE THE F-F-F-FLIPPING PASSWORD. (Or words to that effect : ) All of them have that in the instructions. Those who fall victim to this "flaw" do so because they refused to follow instructions. If they wind up seeing 37 cases of vodka purchased from a Moscow liquor store on their Visa bill, they deserve it!

[Mike Bates]

Cisco Says 77 Routers Open to 'Drive-By Pharming'

What does Pancho say?

[pyx]

Linux on OpenWRT (White Russian 0.9) works very nicely. You can read more at http://www.openwrt.org

Read and understand thoroughly BEFORE you install.

[Fawn]

ANd the cable guy tells me routers are the best security. uh huh.

[TChris]

It has always been a Bad Idea to leave the default user, workgroup and especially password on a device when you connect to the Internet.

People are going to have to become more "street-smart" about being on the Internet, or they'll just keep getting scammed and abused.

Connecting your computer to the Internet is not a ho-hum, trivial thing. It's like driving through a big city. You'd better take some basic precautions and have some clue about the risks.

[steve-b]

the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites

Anybody who leaves a device set at the default password might as well be participating in a bareback orgy at a Port-au-Prince bath house.