This article on drive-by pharming and default router passwords brought back painful memories of bygone events.

A few years ago I was an active moderator for the Fark.com message boards. To save some time I created a bookmark to link directly to a particular bit of functionality. The moderation pages are password-protected, but as with many sites I found that the page wasn’t particular about how the authentication info got there – POST or GET. I included my username and password in the query string of the bookmark and voila! One-click access.

This worked great for about a week until I received an email from Mike, the technical guru that makes sure the vast array of hamster wheels that power the Fark.com servers remain properly greased. It turns out I had used my shortcut enough that it appeared in the most popular links on the stats page… username, password, and all. For a brief time, everyone that looked at the stats page had instant access to a moderator login for the site.

Looking back it was an incredibly stupid thing to do. I single-handedly created a massive hole in the security system of one of the net’s most-trafficked sites! All to save a few keystrokes. This is the importance of remaining vigilant about your passwords. It’s easy to get lazy, and that laziness is what hackers like to exploit.
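The leak described above came from a stats page built over raw request URLs, credentials included. As an added example (not code from Fark.com or from the original post), the sketch below redacts credential-like query parameters before counting popular links and flags the requests that carried them; the parameter names, paths and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; adjust to the application's own login fields.
SENSITIVE = {"username", "user", "login", "password", "passwd", "pass", "pwd", "token"}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, clean = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            leaked.append(key)
            value = "REDACTED"
        clean.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(clean))), leaked

def popular_links(log_lines, top=3):
    """Build a 'most popular links' table from access-log lines with
    credentials stripped, plus a list of findings to alert on."""
    counts, findings = Counter(), []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we recognise
        target, leaked = redact_target(m.group("target"))
        counts[target] += 1
        if leaked:
            findings.append((n, m.group("method"), sorted(leaked)))
    return counts.most_common(top), findings

# Constructed sample lines (common log format); addresses, paths and values are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2007:10:00:00 +0000] "GET /mod/queue?username=alice&password=hunter2&view=new HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2007:10:05:00 +0000] "GET /mod/queue?username=alice&password=hunter2&view=new HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2007:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2007:10:07:00 +0000] "POST /mod/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    table, findings = popular_links(SAMPLE_LOG)
    for target, hits in table:
        print(hits, target)
    for line_no, method, params in findings:
        print(f"line {line_no}: {method} request carried {params} in the query string")
```

Redaction only limits what a stats page or log viewer can expose. The underlying fix is for the login handler to accept credentials in a POST body only, so they never reach the URL in the first place.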

If you have a wireless router at home and you haven’t already done so, CHANGE THE DEFAULT PASSWORD NOW!
