Linked by Thom Holwerda on Mon 22nd Feb 2010 09:57 UTC
Privacy, Security, Encryption
Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris', which means 'in the name of Chuck Norris'. Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. They're behind the times, though. It should've been the Epic Beard Man Botnet. Move over, Chuck.
Thread beginning with comment 410385
Comment by ssa2204
by ssa2204 on Mon 22nd Feb 2010 17:41 UTC
ssa2204 Member since:
2006-04-22

guessing default administrative passwords


Question, how difficult would it be for these manufacturers to require in the setup or initial loading of the administrative page for a password to be set? In the article it says that this can be mitigated by using a strong password. How about just ANY freaking password other than default? Problem here is these are devices marketed to consumers with very little knowledge or technical skills, so I don't think it is out of the ordinary or asking too much for these device makers to simply require a password to be set.

Reply Score: 3
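
The forced first-run password change asked for in the comment above, sketched as an added example (not code from the article or from any vendor's firmware). `AdminGate`, the factory default "admin", the short list of known defaults and the 10-character minimum are all assumptions made for illustration.

```python
import hashlib, hmac, os

# Constructed sample values; a real device would ship its own factory default.
FACTORY_DEFAULT = "admin"
KNOWN_DEFAULTS = {"admin", "password", "1234", "root", ""}
MIN_LENGTH = 10

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AdminGate:
    """First-run gate for a hypothetical router admin interface."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(FACTORY_DEFAULT, self.salt)
        self.provisioned = False   # flips once the owner sets a password
        self.remote_mgmt = False   # WAN-side administration is opt-in

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(_hash(password, self.salt), self.pw_hash)

    def set_password(self, current: str, new: str) -> str:
        if not self.check_password(current):
            return "denied: wrong current password"
        if new.lower() in KNOWN_DEFAULTS or new == FACTORY_DEFAULT:
            return "rejected: that is a default password"
        if len(new) < MIN_LENGTH:
            return f"rejected: use at least {MIN_LENGTH} characters"
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.provisioned = True
        return "ok"

    def authorize(self, password: str, action: str, from_wan: bool) -> str:
        if from_wan and not (self.provisioned and self.remote_mgmt):
            return "denied: remote management is off"
        if not self.provisioned:
            # Factory state: the LAN side may only reach the setup page.
            if action != "setup":
                return "redirect: set an administrator password first"
            return "ok"
        if not self.check_password(password):
            return "denied: bad credentials"
        return "ok"
```

In this sketch the factory password never unlocks anything except the setup page, and only from the LAN side, so a device left untouched by its owner exposes no default login to remote guessing.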

RE: Comment by ssa2204
by Earl Colby pottinger on Mon 22nd Feb 2010 19:17 in reply to "Comment by ssa2204"
Earl Colby pottinger Member since:
2005-07-06

I've seen what happens when you do that for the general consumer market.

5% will change it to a good strong password and keep it in their head or a secured place.

10% will change it to the easiest password they can remember (usually their own name, the dog or cat). Very rarely is this a strong password in any sense.

25% will stick a post-it note with the password to the machine (50% of these will lose the post-it note within a year or the next move).

33% will suffer brain lock and claim they can't read/understand that tech talk. And they will keep on claiming this if they call tech support.

And most of the rest will either pack up and return the item or wait till their eight (8) year old comes home, who will in turn read the manual/screen instructions. However, 8 year olds don't understand security so they don't pick strong passwords either.

Reply Parent Score: 7

RE[2]: Comment by ssa2204
by Quazion on Mon 22nd Feb 2010 23:01 in reply to "RE: Comment by ssa2204"
Quazion Member since:
2007-12-04

I just removed the password on all my home equipment. Typing passwords is just a waste of time.

Reply Parent Score: 2