O2 don't seem to care about security!

O2 broadband users might like to read this (especially if you have a
Wireless Box II or a Wireless Box III):

http://www.jibble.org/o2-broadband-fail/
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]

In article <176uZD2KcidF-pn2-(E-Mail Removed)>,
Bob Eager <(E-Mail Removed)> wrote:
>O2 broadband users might like to read this (especially if you have a
>Wireless Box II or a Wireless Box III):
>
> http://www.jibble.org/o2-broadband-fail/

Is there any independent verification of this? Does the problem apply
to all TG585n routers? If so, what is Thomson's response?

Anyone can put up a web page saying "there's a vulnerability but I'm
not going to say what it is".

-- Richard
--
Please remember to mention me / in tapes you leave behind.

Richard Tobin wrote:
> In article <176uZD2KcidF-pn2-(E-Mail Removed)>,
> Bob Eager <(E-Mail Removed)> wrote:
>> O2 broadband users might like to read this (especially if you have a
>> Wireless Box II or a Wireless Box III):
>>
>> http://www.jibble.org/o2-broadband-fail/
>
> Is there any independent verification of this? Does the problem apply
> to all TG585n routers? If so, what is Thomson's response?
>
> Anyone can put up a web page saying "there's a vulnerability but I'm
> not going to say what it is".

I wish I knew what it was, because I've struggled and repeatedly failed to
find out how you can access O2's router remotely !

--
Mark
Please replace invalid and invalid with gmx and net to reply.

www.paras.org.uk

Mark Carver wrote:
> Richard Tobin wrote:
>> In article <176uZD2KcidF-pn2-(E-Mail Removed)>,
>> Bob Eager <(E-Mail Removed)> wrote:
>>> O2 broadband users might like to read this (especially if you have a
>>> Wireless Box II or a Wireless Box III):
>>>
>>> http://www.jibble.org/o2-broadband-fail/
>>
>> Is there any independent verification of this? Does the problem apply
>> to all TG585n routers? If so, what is Thomson's response?
>>
>> Anyone can put up a web page saying "there's a vulnerability but I'm
>> not going to say what it is".
>
> I wish I knew what it was, because I've struggled and repeatedly failed
> to find out how you can access O2's router remotely !
>
So have I. Well same router for BE.

I think he is referring to a wireless insecurity though.

"Bob Eager" <(E-Mail Removed)> wrote in message
news:176uZD2KcidF-pn2-(E-Mail Removed)...
> O2 broadband users might like to read this (especially if you have a
> Wireless Box II or a Wireless Box III):
>
> http://www.jibble.org/o2-broadband-fail/
> --

He is going on about the preset router SSID and the WPA key provided. The
key can
easily be generated using a program which is widely available. If you
noticed someone
local using the SSID "O2 Broadband 7e52h" for example, you could enter
that and get
the key and then connect. You can do it with BT HomeHub too.
The other thing he is confused about is the access logging in with
"SuperUser" and the
already known password of o2broadband which uses letters and numbers!
There is no way you can connect in to the wireless box from just having an
IP numbers and
trying remotely. The only way in is wireless, but most sensible users will
change their
SSID and WPA2 key immediately and also the password access for
Administrator.

If the person knew what he was talking about, had some computer knowledge
and stopped
trying to lie to everyone by not stating all of the facts - he would find
there is no real story.

There is only one way in to the router and that is via o2, so unless you are
within the o2
building or misuse o2 computers, you don't stand a chance. Even on remote
access there
are only certain functions o2 can perform. They can see connection stats
and change
wireless channels, but can't do anything to the SSID, password or access
controls. I have
watched it done. The interesting thing is that they can see the SSID of
other local WiFi
users and channels in use, it's a shame that doesn't show in a screen on the
router!

I would say forget the very misleading story - he is after publicity.

On Sat, 29 Aug 2009 18:44:53 UTC, "Clive" <(E-Mail Removed)> wrote:

>
> "Bob Eager" <(E-Mail Removed)> wrote in message
> news:176uZD2KcidF-pn2-(E-Mail Removed)...
> > O2 broadband users might like to read this (especially if you have a
> > Wireless Box II or a Wireless Box III):
> >
> > http://www.jibble.org/o2-broadband-fail/
>
> He is going on about the preset router SSID and the WPA key provided. The
> key can
> easily be generated using a program which is widely available. If you
> noticed someone
> local using the SSID "O2 Broadband 7e52h" for example, you could enter
> that and get
> the key and then connect. You can do it with BT HomeHub too.
> The other thing he is confused about is the access logging in with
> "SuperUser" and the
> already known password of o2broadband which uses letters and numbers!
> There is no way you can connect in to the wireless box from just having an
> IP numbers and
> trying remotely. The only way in is wireless, but most sensible users will
> change their
> SSID and WPA2 key immediately and also the password access for
> Administrator.
>
> If the person knew what he was talking about, had some computer knowledge
> and stopped
> trying to lie to everyone by not stating all of the facts - he would find
> there is no real story.

You must be psychic if you believe that is the whole story.
--
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]

"Bob Eager" <(E-Mail Removed)> wrote in message
news:176uZD2KcidF-pn2-(E-Mail Removed)...
> O2 broadband users might like to read this (especially if you have a
> Wireless Box II or a Wireless Box III):
>
> http://www.rubbish.org/o2-broadband-fail/


The site is littered with links through doubleClick, so by posting to a
newsgroup
and putting total rubbish, he is making a lot of money when people go near
his
site.

Add doubleclick to your hosts list and stop the parasites making money!

On Sat, 29 Aug 2009 08:20:12 +0000, Richard Tobin wrote:

> Does the problem apply to all TG585n routers?

My Plusnet router is a "Thomson TG585 V7".

Is that vulnerable?

--
/\/\aurice
(Replace "nomail.afraid" by "bcs" to reply by email)

On 29 Aug 2009 07:13:52 GMT, "Bob Eager" <(E-Mail Removed)> wrote:

>O2 broadband users might like to read this (especially if you have a
>Wireless Box II or a Wireless Box III):
>
> http://www.jibble.org/o2-broadband-fail/


oh dear. Someone's found the backdoor which allows O2 support to
remotely manage the box. That's not to say anybody can access it
remotely, just that there is a secure route to allow O2 to gain
access. it's a a little knowledge and a healthy dose of paranboia
methinks

I like the line "apparently, O2 is able to remotely apply firmware
updates to all of their Wireless Boxes". It doesn't take an Einstein
to figure out how they do that

"Nick" <(E-Mail Removed)> wrote in message
news:00947904$0$5095$(E-Mail Removed)...
> Mark Carver wrote:
>> Richard Tobin wrote:
>>> In article <176uZD2KcidF-pn2-(E-Mail Removed)>,
>>> Bob Eager <(E-Mail Removed)> wrote:
>>>> O2 broadband users might like to read this (especially if you have a
>>>> Wireless Box II or a Wireless Box III):
>>>>
>>>> http://www.jibble.org/o2-broadband-fail/
>>>
>>> Is there any independent verification of this? Does the problem apply
>>> to all TG585n routers? If so, what is Thomson's response?
>>>
>>> Anyone can put up a web page saying "there's a vulnerability but I'm
>>> not going to say what it is".
>>
>> I wish I knew what it was, because I've struggled and repeatedly failed
>> to find out how you can access O2's router remotely !
>>
> So have I. Well same router for BE.
>
> I think he is referring to a wireless insecurity though.

Then you havn't read it properly.

--
Graham.

%Profound_observation%