Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsDear Asus router user: You’ve been pwned, thanks to easily exploited flaw
http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/An Ars reader by the name of Jerry got a nasty surprise as he was browsing the contents of his external hard drive over the weekenda mysterious text file warning him that he had been hacked thanks to a critical vulnerability in the Asus router he used to access the drive from various locations on his local network.
"This is an automated message being sent out to everyone effected (sic)," the message, uploaded to his device without any login credentials, read. "Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article: http://nullfluid.com/asusgate.txt."
It's likely that Jerry wasn't the only person to find the alarming message had been uploaded to a hard drive presumed to be off-limits to outsiders. Two weeks ago, a group posted almost 13,000 IP addresses its members said hosted similarly vulnerable Asus routers. They also published a torrent link containing more than 10,000 complete or partial lists of files stored on the Asus-connected hard drives.
The guerilla-style hacking disclosure comes eight months after a security researcher publicly disclosed the underlying vulnerability that exposed the hard drives of Jerry and so many other Asus router users. The June 22 report found the "ability to traverse to any external storage plugged in through the USB ports on the back of the router," but researcher Kyle Lovett said he went public only after privately contacting Asus representatives two weeks earlier and getting a response that the reported behavior "was not an issue." In July, Lovett published a second disclosure that offered additional technical details.
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
8 replies, 970 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (1)
ReplyReply to this post
8 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw (Original Post)
steve2470
Feb 2014
OP
hobbit709
(41,694 posts)1. One of many reasons I don't set up a network at home.
I don't even plug an external drive into a computer until I'm ready to use it. I keep my security locked down pretty tight.
RKP5637
(67,102 posts)3. ... as we use to say in the large mainframe business decades ago, anytime you have
2 wires going out of the secured mainframe data center you're at risk! 900 baud modems back then, state of the art! LOL!
hobbit709
(41,694 posts)4. True but you can minimize the chances.
RKP5637
(67,102 posts)5. Yep! I do similar to you! n/t
RKP5637
(67,102 posts)2. "was not an issue." (per Asus)! WTF! n/t
Ron Obvious
(6,261 posts)6. Thanks for the heads-up!
I was running this exact configuration and have now upgraded the firmware.
No text files on the USB drives, but I'll reformat them just the same.
steve2470
(37,457 posts)7. glad I could help ! nt
steve2470
(37,457 posts)8. kick for pm crowd nt