Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Eircom Netopia Routers Are Wide Open
Options
Comments
-
-
-
from http://www.siliconrepublic.com/news/news.nv?storyid=single9323
The Eircom spokesperson added: “For advanced security, customers can choose to change their security software to WPA (Wi-Fi Protected Access).”
Because anyone able to use Google can setup Linux and (with no previous expertise) crack WEP in 5 minutes anyway.
So I'm glad to hear they are recommending WPA, not just changing the SSID or WEP key.
It's not a router flaw. It's a flaw in the SW Netopia did for eircom. I'm informed there are no Led Zepplin fans in the relevent eircom dept.
The address in the article is wrong
http://www.broadbandsupport.eircom.net./ won't work
http://www.broadbandsupport.eircom.net will
It does not have any obvious warning yet and still shows the flawed CD wizard setup
I can't link as the site uses session.0 -
Sponge Bob wrote:wpa is a password , something like
76u-098-970148e1-9479-18743148e09184-1904u1[30487-1414104&&301e4018
Ah, Jaysus, Sponge, that's my password...
0 -
-
Advertisement
-
-
-
-
-
-
Advertisement
-
pid() wrote:And do you expect those instructions to contain information on how to upgrade the firmware on a netopia router? I think you might be hoping for a bit too much there.
Do you know how many pre XP sp2 devices there are on the internet? There are absolutely millions. That was a bit of a retarded statement tbh. What age are you, out of curiosity?
MAC Address filtering is not pointless, it's enough to throw off a lazy script kiddie who has difficulty with your router. That is it's only benefit. If you read my post you would see that I mention MAC address filtering is not secure. Please think before you jump down my throat. I, unlike you, know what I'm talking about.
Did we get out of the wrong side of the bed this morning or something? I'll ignore the slight on my age and intelligence and respond as if you had been kind enough to keep things civil.
When you think about it, what WEP only devices should there still be out there? Well, you have a few very annoying recent ones like the Nintendo stuff and some TiVos. Then you have people who have old OSes that are out of support (Win98, WinME, Win2K, WinNT4.0). And finally you have machines that are running XP but are not fully patched.
The people running pre-SP2 XP need to upgrade to SP2 for loads of reasons, not just WPA. Hence, SP2 should be a recommended minimum spec. The people running pre-XP operating systems are running officially obsolete operating systems. MS don't support them, why should Eircom? That leaves only one trouble group, the Nintendo and TiVo owners. They need to make an informed decision about their priorities, security -v- connectivity.
So, it should be clear from this that we are not yet at the happy day when we can consign WEP to the annals of history. However, I do think we have arrived at the stage where the default needs to flip. We need to go from WEP by default with instructions for switching to WPA (like we have now), to WPA by default with instructions for switching to WEP only if needed. Still, the fact that Eircom will be telling people about WPA at all is a step forward for sure.
As for MAC filtering, any script kiddie thrown off by MAC filtering will probably also be thrown off by WEP It is of course not totally pointless, but really, there are much more important and simpler things that Eircom should educate their users about before they get to MAC filtering.
Bart.0 -
bartificer wrote:Did we get out of the wrong side of the bed this morning or something? I'll ignore the slight on my age and intelligence and respond as if you had been kind enough to keep things civil.
When you think about it, what WEP only devices should there still be out there? Well, you have a few very annoying recent ones like the Nintendo stuff and some TiVos. Then you have people who have old OSes that are out of support (Win98, WinME, Win2K, WinNT4.0). And finally you have machines that are running XP but are not fully patched.
The people running pre-SP2 XP need to upgrade to SP2 for loads of reasons, not just WPA. Hence, SP2 should be a recommended minimum spec. The people running pre-XP operating systems are running officially obsolete operating systems. MS don't support them, why should Eircom? That leaves only one trouble group, the Nintendo and TiVo owners. They need to make an informed decision about their priorities, security -v- connectivity.
So, it should be clear from this that we are not yet at the happy day when we can consign WEP to the annals of history. However, I do think we have arrived at the stage where the default needs to flip. We need to go from WEP by default with instructions for switching to WPA (like we have now), to WPA by default with instructions for switching to WEP only if needed. Still, the fact that Eircom will be telling people about WPA at all is a step forward for sure.
As for MAC filtering, any script kiddie thrown off by MAC filtering will probably also be thrown off by WEP It is of course not totally pointless, but really, there are much more important and simpler things that Eircom should educate their users about before they get to MAC filtering.
Bart.
I may have done. Heh.
Anyway, MS doesn't support them because they want to drive their new OS, Vista, and get cash that way. It's why the sale of XP will soon cease with the likes of Dell, etc. They do not not support them because they are obsolete, they do not support them because they want those people to buy their new product. You can lay the blame with anyone, with MS for not releasing a WPA patch on older operating systems and that's where I think part of the blame should lie. I'm guesstimating here, but I would be very confident that 33%, if not more, of eircom's customers are pre XP. You can't just ignore these people and tell them to upgrade their OS, but at the same time what can Eircom do about it? Nothing. They can 'advise' them on the best steps to take, which is what they will do next month. Their assess are covered after that.
Yes, we all wish WEP would just go away, but it's a catch 22 and it's not going to go away for a long time, unfortunately. I mean come on, the Eircom phones use WEP. What's their excuse for that?0 -
-
pid() wrote:Anyway, MS doesn't support them because they want to drive their new OS, Vista, and get cash that way. It's why the sale of XP will soon cease with the likes of Dell, etc.
There's certainly an element of truth to that. Although, XP is six years old this month. Machines from six years ago are really getting long in the tooth now.pid() wrote:They do not not support them because they are obsolete, they do not support them because they want those people to buy their new product.
You can look at it that way but from a security point of view I look at it the other way round, they are obsolete because MS have ceased support. Since they are not being patched they are a pure liability.pid() wrote:You can lay the blame with anyone, with MS for not releasing a WPA patch on older operating systems and that's where I think part of the blame should lie. I'm guesstimating here, but I would be very confident that 33%, if not more, of eircom's customers are pre XP.
Like you I'm also not going on anything more than and education guess here but 33% sounds very high to me. When a PC gets to be three years old it is really starting to get obsolete. Add two more years to that and you get to 5 years old. By one year after the introduction of XP I very much doubt Dell were still selling Win2K machines. So, being conservative, it's only machines that were bought more than five years ago that can't go with WPA.pid() wrote:You can't just ignore these people and tell them to upgrade their OS, but at the same time what can Eircom do about it? Nothing. They can 'advise' them on the best steps to take, which is what they will do next month. Their assess are covered after that.
You are indeed right that their asses are covered. It is also a good thing that they are sending out a letter. I'll reserve comment on the content of that letter till I see it.
One other point though, even if Eircom were to go fully WPA that would not exclude pre-SP2 machines from connecting to the net, it would just exclude them from connecting over WiFi. The Netopia comes with ethernet ports. I can't remember if it's three or four but it's certainly enough to allow old machines connect the old way.pid() wrote:Yes, we all wish WEP would just go away, but it's a catch 22 and it's not going to go away for a long time, unfortunately. I mean come on, the Eircom phones use WEP. What's their excuse for that?
Hang on .... WHAT? You mean to tell me their new supposedly cutting-edge digital wireless phones use WEP? Or did I misunderstand? Please tell me I miss-understood
Bart.0 -
-
bartificer wrote:
You can look at it that way but from a security point of view I look at it the other way round, they are obsolete because MS have ceased support. Since they are not being patched they are a pure liability.
I think you missed my point there dude, I was laying the blame with MS for ceasing supportbartificer wrote:
Like you I'm also not going on anything more than and education guess here but 33% sounds very high to me. When a PC gets to be three years old it is really starting to get obsolete. Add two more years to that and you get to 5 years old. By one year after the introduction of XP I very much doubt Dell were still selling Win2K machines. So, being conservative, it's only machines that were bought more than five years ago that can't go with WPA.
I'm not entirely sure if Dell were or were not selling Win2k a year after XP had been launched, but I will say this. The only reason they are still selling XP now is because of consumer interests. Enough customers / potential customers said they did not want Vista, and that's the only reason you can still by XP on selected models from Dell.bartificer wrote:One other point though, even if Eircom were to go fully WPA that would not exclude pre-SP2 machines from connecting to the net, it would just exclude them from connecting over WiFi. The Netopia comes with ethernet ports. I can't remember if it's three or four but it's certainly enough to allow old machines connect the old way.
Well yeah, it only affects the medium, obviously. I know lots of people who have their modem so far away from their computer that using an ethernet cable is not fesable (packet loss and physical annoyance combined).bartificer wrote:Hang on .... WHAT? You mean to tell me their new supposedly cutting-edge digital wireless phones use WEP? Or did I misunderstand? Please tell me I miss-understood
Bart.
Nope, I said nothing about their new phones.
Also, can I just say I find it interesting that both Spongebob and Bart are friends, and it was Bart who claimed he had been 'anonymously' sent information on this flaw and posted it on his blog. Admit it Bart, there was nothing anonymous about it, it was Spongebob who gave it to you. Fame lads, that's a shocking motive to have.
How's Maynooth?0 -
pid() wrote:Also, can I just say I find it interesting that both Spongebob and Bart are friends, and it was Bart who claimed he had been 'anonymously' sent information on this flaw and posted it on his blog. Admit it Bart, there was nothing anonymous about it, it was Spongebob who gave it to you. Fame lads, that's a shocking motive to have.
How's Maynooth?
Hang on a sec ... why do I seem to be the only person who has no idea who anyone else is? I honestly have no idea who spongebob is on these boards or indeed who you are ... assuming yee are both fellow Maynoothians, what's your Mikado/MiNDS> usernames? (that way I know who you are yet you still remain anonymous ... see, I can do smart I can)
Maynooth is grand ... though we just got a fresh infestation of students. I'm telling yas, the college runs so much more smoothly without them
Bart.0 -
-
pid() wrote:You don't fool me mate.
Knock knock, who's there lads?
ARG ... yes, yes I am being serious! I think I know who lonewolf is but that's it as far as this thread is concerned.0 -
-
Advertisement
-
-
-
-
-
-
-
-
-
-
Advertisement
-
This discussion has been closed.
Advertisement