By editorial@silicon.com, 11 April 2001 12:42
NEWS French telecom giant Alcatel is a dominant supplier of modems that allow customers to access the high-speed internet access services being rolled out by telcos and ISPs worldwide. According to the San Diego Supercomputer Center at the University of California and the Computer Emergency Response Team (CERT) at Carnegie Mellon University, the modems ship with a blank access password. If the 'null' password isn't changed, a hacker can gain access to the modem, either disabling it or altering the software with a 'Trojan horse'. Common Trojan horses are 'sniffer's or clients used to launch a denial of service attack. A sniffer spies on all data passing through the modem. The aim of a denial of service attack is to shut down a website by sending messages from all over the web at the same time. Responding to the reports, Alcatel released a written statement, saying: "Alcatel ships all modems with the protection activated, however, it's easy for a modem owner to deactivate the protection." The reason that the password needs to be easy to turn off is to allow an ISP to do remote updates to the software. The "recommendation that Alcatel gives is to install a dedicated firewall or firewall software, or make use of the Alcatel Speed Touch modem with Firewall capabilities". By Andy Favell
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below