Time Warner testing fix to hole in home router | InSecurity Complex - CNET News(情報元のブックマーク数)

A free web based community and discussion forum for answering Computer Help, Security Updates, and Software questions by Windows users経由)

Time Warnerが出している、Wi-Fiルータ脆弱性を修正する方向とのこと。

Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.
The vulnerability in the SMC8014 cable modem/Wi-Fi router provided to customers was detailed in a blog post written by David Chen, a software engineer and co-founder of the Pip.io social communications platform start-up.



Chen wrote that he discovered that the administration features of the router had been disabled via JavaScript and that he was able to access all the features of the router by disabling JavaScript in the browser.
In addition, the device relied only on WEP encryption, which can be cracked easily, and it used a fixed format for the SSID (service set identifier), which makes it easy to tell which Wi-Fi network the device is using, he wrote.