Tag Archive for: ISPs

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

/in

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.

Most of the routers have a “directory traversal” flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn’t new and has been reported by multiple researchers since 2011 in various router models.

Security researcher Kyle Lovett came across the flaw a few months ago in some ADSL routers he was analyzing in his spare time. He investigated further and unearthed hundreds of thousands of vulnerable devices from different manufacturers that had been distributed by ISPs to Internet subscribers in a dozen countries.

To read this article in full or to leave a comment, please click here

Network World Security

DDoS attackers turn fire on ISPs and gaming servers

/in

DDoS attackers seem to have switched their attention from banks to gaming hosts, ISPs and even enterprises, half-year figures from Chinese mitigation vendor NSFOCUS have confirmed.

The firm’s recent statistics show that the peak for DDoS attacks on banks happened in the first half of 2013 when they accounted for an extraordinary 45 percent of all attacks, with enterprises second in the target list at around 25 percent.

By the second half of last year, this had started to change with bank attacks slipping under 10 percent – this has since dropped to fractions of a percent. If banks are now off the menu, online gaming and ISPs are suddenly popular, rising in the first half of 2014 to 10 percent and nearly 15 percent of attacks respectively.

To read this article in full or to leave a comment, please click here

Network World Security

Many home routers supplied by ISPs can be compromised en masse, researchers say

/in

Specialized servers used by many ISPs to manage routers and other gateway devices provisioned to their customers are accessible from the Internet and can easily be taken over by attackers, researchers warn.

By gaining access to such servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve, said Shahar Tal, a security researcher at Check Point Software Technologies. Tal gave a presentation Saturday at the DefCon security conference in Las Vegas.

At the core of the problem is an increasingly used protocol known as TR-069 or CWMP (customer-premises equipment wide area network management protocol) that is leveraged by technical support departments at many ISPs to remotely troubleshoot configuration problems on routers provided to customers.

To read this article in full or to leave a comment, please click here

Network World Security

iOS 7 downloads consumed 20 percent of an ISP’s traffic on release day

/in

When Apple released iOS 7 to the world at 1pm ET on Sept. 18, legions of iPhone and iPad owners immediately downloaded the new operating system. That’s no surprise, but statistics released today illustrate just how much of an impact the mobile OS had on Internet traffic.

At one unnamed North American fixed Internet provider, “Apple Updates immediately became almost 20 percent of total network traffic and continued to stay above 15 percent of total traffic into the evening peak hours,” according to Sandvine’s Global Internet Phenomena Report for the second half of 2013. Sandvine makes equipment that helps consumer broadband providers manage network congestion.

Over-the-air update sizes were 760MB for the iPhone 5, 900MB for the iPad 2, and 729MB for the Apple TV, the report says. Updates downloaded on desktops through iTunes were 1.2GB for the iPhone and 1.4GB for the iPad.

Read 11 remaining paragraphs | Comments


    




Ars Technica » Technology Lab