05-28-2018 12:31 PM - last edited on 05-28-2018 12:41 PM by RogersMoin
I know there may be a thread on security threats, but I can't find it, so I put it here.
Various reports from news sources in the States indicate that the FBI has identified a security risk on various routers, and recommends that routers be reset.
It is purported to be Russian involvement in another attempt at US elections, but impacts routers all over the world.
Also, today one of the major banks reported the possibility that passwords for financial institutions and shopping sites may have been skimmed, and strongly recommends that people:
1. Don't use the same password across various sites, no matter how strong it may be, as if it gets skimmed off one site, it can be tried on others.
2. Change your password with strong passwords, and don't share with others. Change it reasonably frequently.
3. Regularly review your financial statements and usage on financial sites, and shopping sites, (include Rogers in this).
My own note is: be aware that if you use your password across sites, or share it with others, most companies will say you have violated their terms of password or PIN usage and your protections by them for breaches will be waived - i.e., they are not responsible as you reused the password across sites or shared it.
Can't be too cautious.
I know, it is impossible to remember all the variations of passwords, so consider using a password storage service or software. I won't make recommendations, but there are lots of reputable ones out there.
Bruce
Here is a link:
https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html
Bruce
05-28-2018 06:33 PM - last edited on 05-28-2018 06:38 PM by RogersMoin
VPNFilter malware
Are any of Rogers routers affected by this VPNFilter malware that is in the news today? If so, what should we do? Thanks.
05-28-2018 06:58 PM
@unun4848 there has not been any public news of modems being infected, however, there is a degree of uncertainty about what devices are actually infected as "Authorities and researchers still don’t know for certain how compromised devices are initially infected."
This is a multi-stage malware. Stage one can only be wiped out by a factory reset. Stages two and three can be cleared out by a device reboot. Seizing the servers, as the FBI did, shuts down the stage two and three loading, however, stage one can still be present in the modem. Cisco has advised device owners to run a factory reset to ensure that those devices are clear of the malware.
Here's a link to an Ars Technica article on the issue:
05-28-2018 08:04 PM
Thanks for the update @Datalink
Guess it can't hurt to do a reboot, and changing passwords is always a good idea - given the limited configuration on most home systems other than the factory set defaults, a factory reset can be done too.
I have done the reboot, and I just accelerated my password change as I do it on a random but frequent basis.
Again, thanks for the update.
Bruce
07-03-2018 09:01 AM - edited 07-03-2018 09:01 AM
I'm not sure a reboot is really making much of a difference; I did several before reading about this malware in more depth.
While my Hitron CGNM router/firewall didn't appear on the list - I found a complete factory reset did make a dramatic improvement in performance, leading me to believe it may have been infected.
The factory reset puts you back to a lower level of firmware, but Rogers had patched it within 2 days.
If I learn more, I'll let you guys in this forum know.
07-03-2018 09:09 AM
Just a reminder - if you do a factory reset, you'll lose wireless connectivity, and you'll need to reinitialize your router with a direct Ethernet connection.
08-16-2018 10:11 AM
http://www.symantec.com/filtercheck/
The Symantec tool tells me that I AM likely infected, on my Rogers Hitron.
08-16-2018 11:30 AM
Looks like I'm not infected. Did you follow the steps and get rid of the infection?