Virgin Media urges password change over hacking risk
23-06-2017, 23:35
|
#31
|
Oh Lanky Lanky.
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: 2 V6 running 360. 500mb BB, Phone line, mobile simm.
Posts: 7,956
|
Re: Virgin Media urges password change over hacking risk
I read that they only use 24 of the possible 26 letters which reduces the time to crack by a considerable margin. Mine didn't have 'any' in it anywhere.
I can also confirm that my daughters wifi password has no similarity to mine whatsoever.
|
|
|
24-06-2017, 02:06
|
#32
|
cf.addict
Join Date: Feb 2005
Location: Oxfordshire
Age: 76
Services: VM XL, Tivo, BB, Prime, Now TV, Tennis TV
Posts: 152
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Ken W
The default is changeme or admin and many don't change it.
|
I changed that one on the day I got it - it does rather invite that!
It's the WiFi password I'm not really sure about, OK so it's only 8 L/C characters, but is it a realistic risk that there are people going around with devices to crack into peoples' WiFi? Mine barely reaches all the rooms in the house, let alone out in the street. And it would be a pain to have to go around changing phones, NOW TV box, printer etc etc, not to mention occasional visitors I've given it to.
|
|
|
24-06-2017, 08:55
|
#33
|
cf.mega poster
Join Date: Aug 2009
Posts: 5,386
|
Re: Virgin Media urges password change over hacking risk
What is there to gain from finding out my Wi-Fi password?
|
|
|
24-06-2017, 10:55
|
#34
|
Woke and proud !
Join Date: Jun 2004
Services: TV, Phone, BB, a wife
Posts: 9,110
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by jb66
What is there to gain from finding out my Wi-Fi password?
|
Seeing as VM are now allowing any other VM customer to use your WiFi it does become a bit irrelevant. Opt for modem mode and use your router instead of VMs insecure equipment, faster speeds too.
|
|
|
24-06-2017, 11:30
|
#35
|
cf.mega poster
Join Date: Oct 2009
Posts: 2,065
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Mr K
Seeing as VM are now allowing any other VM customer to use your WiFi it does become a bit irrelevant. Opt for modem mode and use your router instead of VMs insecure equipment, faster speeds too.
|
...and that's the sort of ill-informed rubbish that gets rumours going. Get your facts straight before writing such piffle.
|
|
|
24-06-2017, 14:31
|
#36
|
cf.addict
Join Date: Feb 2005
Location: Oxfordshire
Age: 76
Services: VM XL, Tivo, BB, Prime, Now TV, Tennis TV
Posts: 152
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by jb66
What is there to gain from finding out my Wi-Fi password?
|
Depends where you live and who lives around you. People could use your connection to download all sorts of illegal stuff or commit other crimes, for which you might get the blame because your IP address would be all over it.
However to do that they have to be in signal range of the router. To break your password, possibly for many hours. To be honest, the signal from my Superhub is pretty iffy at the other end of the house, let alone out in the street or in neighbouring properties, so maybe the risk is not so great?
|
|
|
24-06-2017, 15:08
|
#37
|
cf.member
Join Date: Oct 2008
Posts: 32
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by jb66
What is there to gain from finding out my Wi-Fi password?
|
Basically allows an attacker into your network. Once in they could do quite a lot of things. For example the recent WannaCry could be exploited inside the network by just hitting the SMB server of an effected device.
Basically it allows an attacker to see what you have connected on your network, scan for any device with known exploits and do something with it. Especially with the rise of insecure IoT device.
|
|
|
25-06-2017, 15:46
|
#38
|
Permanently Banned
Join Date: Jan 2012
Location: Near France
Services: Tivo XL
150mb broadband
L phone
Posts: 1,817
|
Re: Virgin Media urges password change over hacking risk
Probably force.
|
|
|
26-06-2017, 20:30
|
#39
|
cf.member
Join Date: Jul 2010
Posts: 26
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by jb66
What is there to gain from finding out my Wi-Fi password?
|
they could do a man in the middle attack which means they can funnel all your traffic through them
one thing they could do redirecting online banking sites to trick you to give up your information
years ago I used to take over my brother's Facebook account and write stupid messages on his wall
and if you are thinking there is no master hacker living near you
the hacking tools i used was basically a numbered list (press 1 to hack and press 2 to evil laugh)
only thing stopping them is your Wi-Fi password
|
|
|
27-06-2017, 11:01
|
#40
|
FORMER Virgin Media Staff
Join Date: Dec 2010
Location: Warrington
Posts: 4,737
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by iadom
I read that they only use 24 of the possible 26 letters which reduces the time to crack by a considerable margin. Mine didn't have 'any' in it anywhere.
I can also confirm that my daughters wifi password has no similarity to mine whatsoever.
|
Don't forget, it's case sensitive, so it's more like 48 letters + numbers. 58 vs 62 possible characters isn't quite a big difference.
Having said that, password length will always trump complexity. While I agree the default passwords on routers are possibly not terribly secure, they should be changed regardless.
If you change it to a password that's 15+ characters long, even purely lower case will be more secure than a "complex" 8 character password.
To give an example, if you have an 8 character password to which any of the 8 characters can be one of 100 possible values (26 lowercase + 26 uppercase + 10 numeric + a bunch of symbols, punctuation, spaces, etc.), you'd get 10,000,000,000,000,000 possibilities.
Whereas if you have a 15 character long password of just lower case letters, it's 1,677,259,342,285,725,925,376 possible combinations. Length really does trump complexity.
10,000,000,000,000,000
vs
1,677,259,342,285,725,925,376
Use a passphrase of uppercase and lowercase letters with some punctuation thrown in and nothing will ever brute force it, even with dictionary attacks.
|
|
|
27-06-2017, 11:13
|
#41
|
Oh Lanky Lanky.
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: 2 V6 running 360. 500mb BB, Phone line, mobile simm.
Posts: 7,956
|
Re: Virgin Media urges password change over hacking risk
I was talking about the original wifi password on the bottom of the router, that uses uses a combination of only 24 lower case letters.
|
|
|
27-06-2017, 11:24
|
#42
|
Ran Away
Join Date: Nov 2008
Location: Lincoln
Services: phone + 1gbit BB + SkyQ
Posts: 11,021
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Kushan
10,000,000,000,000,000
vs
1,677,259,342,285,725,925,376
|
simply put for those who are not mathematically inclined you are looking at a different of 1x10^16 and 1x10^21. There is difference of 5 orders of magnitude which is huge.
|
|
|
27-06-2017, 11:40
|
#43
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
|
Re: Virgin Media urges password change over hacking risk
With the right tools an 8 letter lower (or upper ) case password can be cracked in less than a day.
Using a string of Disney names as posted above would be even quicker.
---------- Post added at 10:40 ---------- Previous post was at 10:33 ----------
Quote:
Originally Posted by Kushan
Don't forget, it's case sensitive, so it's more like 48 letters + numbers. 58 vs 62 possible characters isn't quite a big difference.
Having said that, password length will always trump complexity. While I agree the default passwords on routers are possibly not terribly secure, they should be changed regardless.
If you change it to a password that's 15+ characters long, even purely lower case will be more secure than a "complex" 8 character password.
To give an example, if you have an 8 character password to which any of the 8 characters can be one of 100 possible values (26 lowercase + 26 uppercase + 10 numeric + a bunch of symbols, punctuation, spaces, etc.), you'd get 10,000,000,000,000,000 possibilities.
Whereas if you have a 15 character long password of just lower case letters, it's 1,677,259,342,285,725,925,376 possible combinations. Length really does trump complexity.
10,000,000,000,000,000
vs
1,677,259,342,285,725,925,376
Use a passphrase of uppercase and lowercase letters with some punctuation thrown in and nothing will ever brute force it, even with dictionary attacks.
|
Depends on how many gpu 's you have working on it and the time you want to spend.
Hashtopussy is a dangerous tool in the wrong hands.
|
|
|
27-06-2017, 11:57
|
#44
|
FORMER Virgin Media Staff
Join Date: Dec 2010
Location: Warrington
Posts: 4,737
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by pip08456
With the right tools an 8 letter lower (or upper ) case password can be cracked in less than a day.
Using a string of Disney names as posted above would be even quicker.
---------- Post added at 10:40 ---------- Previous post was at 10:33 ----------
Depends on how many gpu 's you have working on it and the time you want to spend.
Hashtopussy is a dangerous tool in the wrong hands.
|
With enough computing power you can brute force nearly anything, no matter how long and complex it is. The key is not to be the low-hanging fruit.
Also note I'm not advocating purely lower-case passwords, that was just an extreme example to show how much better length is than complexity. I stand by a passphrase is the best form of "password".
|
|
|
27-06-2017, 12:20
|
#45
|
Sad Doig Fan!
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
|
Re: Virgin Media urges password change over hacking risk
I know you weren't advocating all lower case but phrases are a no no too. Google Sagitta brutalis. The community I'm involved with have 4 of these and another 64 pc's with at least 2 gpu's. Doesn't take long. Before you ask we do not do it for nefarious reasons.
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 23:55.
|