Home News Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | Virgin Media urges password change over hacking risk

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Virgin Media Services > Virgin Media Internet Service

Virgin Media urges password change over hacking risk
Reply
 
Thread Tools
Old 27-06-2017, 12:31   #46
Gobble
cf.addict
 
Join Date: Oct 2012
Services: Gig1 SH4-AX86U, Stream
Posts: 155
Gobble is just really niceGobble is just really niceGobble is just really niceGobble is just really niceGobble is just really niceGobble is just really nice
Re: Virgin Media urges password change over hacking risk

Quote:
Originally Posted by pip08456 View Post
Hashtopussy is a dangerous tool in the wrong hands.
Sounds like a bond villain.
Gobble is offline   Reply With Quote
Advertisement
Old 27-06-2017, 12:41   #47
JPAC
cf.addict
 
Join Date: Nov 2005
Location: N E Lincs
Posts: 426
JPAC is a name known to allJPAC is a name known to allJPAC is a name known to allJPAC is a name known to allJPAC is a name known to allJPAC is a name known to allJPAC is a name known to allJPAC is a name known to all
Re: Virgin Media urges password change over hacking risk

FYI; jk means just kidding, it was a joke. So long as the password is changed from the VM default and at least 12 characters, not a word(s) in the dictionary, it should be fine.
===
Reputation; JPAC is just really nice;
Etymology: Middle English: nice "foolish, stupid," from early French nice (same meaning), from Latin nescius "ignorant,"
Seems about right.

Last edited by JPAC; 27-06-2017 at 12:44.
JPAC is offline   Reply With Quote
Old 27-06-2017, 13:06   #48
Kushan
FORMER Virgin Media Staff
 
Join Date: Dec 2010
Location: Warrington
Posts: 4,737
Kushan has a bronzed appealKushan has a bronzed appeal
Kushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appeal
Re: Virgin Media urges password change over hacking risk

Even a cluster that size will struggle to brute for a decent long passphrase. 15 characters? Sure, probably in hours, but when you get to the likes of 30+ characters then it becomes an issue even at that scale.

That's only really achievable with a passphrase. To be clear, the most secure password is completely random string of characters, with symbols, letters, numbers (and ideally even unprintable characters :P) however I would argue that this is not the best password. You have to be able to remember a password, or you'll end up writing it down*. That's what I mean when I say "Best" - something that is the correct trade-off between "memorable" and "secure". A pass-phrase with some substitutions is by far the best compromise there.

* Please note that I strongly advocate the use of a password manager for your day-to-day passwords.
Kushan is offline   Reply With Quote
Old 27-06-2017, 13:43   #49
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: Virgin Media urges password change over hacking risk

Quote:
Originally Posted by Kushan View Post
Even a cluster that size will struggle to brute for a decent long passphrase. 15 characters? Sure, probably in hours, but when you get to the likes of 30+ characters then it becomes an issue even at that scale.

That's only really achievable with a passphrase. To be clear, the most secure password is completely random string of characters, with symbols, letters, numbers (and ideally even unprintable characters :P) however I would argue that this is not the best password. You have to be able to remember a password, or you'll end up writing it down*. That's what I mean when I say "Best" - something that is the correct trade-off between "memorable" and "secure". A pass-phrase with some substitutions is by far the best compromise there.

* Please note that I strongly advocate the use of a password manager for your day-to-day passwords.
That's the thing, you understand that but when people say a passphrase is the best it actually isn't unless you actually use substitutions. Without the subs it just becomes a simple dictionary attack and that will be quicker than brute forcing a random string even if your phrase uses the maximum amount of characters.

You also have to be careful what subs you use. e.g. subbing a 4 for the letter A etc is useless the mask and rule set used in the attack will soon find that. Symbols (AKA special characters) and the odd number thrown in is the way to go as far as a passphrase is concerned.

---------- Post added at 12:43 ---------- Previous post was at 12:39 ----------

Quote:
Originally Posted by tidder23 View Post
they could do a man in the middle attack which means they can funnel all your traffic through them

one thing they could do redirecting online banking sites to trick you to give up your information

years ago I used to take over my brother's Facebook account and write stupid messages on his wall

and if you are thinking there is no master hacker living near you
the hacking tools i used was basically a numbered list (press 1 to hack and press 2 to evil laugh)

only thing stopping them is your Wi-Fi password
I don't think you realise what a "Man in the middle" actually is. It is a means to get your wifi password as well as getting everything passing through their connection which will record everything.

Man in the middle is a way of fooling you into thinking you are connecting to your network when you are in fact connecrting to another one entirely. If done correctly you wouldn't even know.
pip08456 is online now   Reply With Quote
Old 27-06-2017, 13:44   #50
Kushan
FORMER Virgin Media Staff
 
Join Date: Dec 2010
Location: Warrington
Posts: 4,737
Kushan has a bronzed appealKushan has a bronzed appeal
Kushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appealKushan has a bronzed appeal
Re: Virgin Media urges password change over hacking risk

I think we're basically saying the same thing, we're just debating the terminology more than anything at this rate.
Kushan is offline   Reply With Quote
Old 27-06-2017, 13:45   #51
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: Virgin Media urges password change over hacking risk

Looks like it!
pip08456 is online now   Reply With Quote
Old 27-06-2017, 14:20   #52
Qtx
CF's Worst Nightmare
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Qtx has a bronzed appealQtx has a bronzed appeal
Qtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appeal
Re: Virgin Media urges password change over hacking risk

Brilliant news, as most will change the passwords to something easier to crack :P

There are some good pre-generated dictionaries made especially for cracking certain ISP's WPA2 passwords due to knowing their makeup, meaning many can be cracked in 20 minutes or so.


This is probably known and part of the reason for the actual password request, with the news article just prompting it a bit sooner.


The actual recent hack of the Superhub via a modified settings backup was more interesting.

---------- Post added at 13:20 ---------- Previous post was at 13:11 ----------

Quote:
Originally Posted by pip08456 View Post
I don't think you realise what a "Man in the middle" actually is. It is a means to get your wifi password as well as getting everything passing through their connection which will record everything.

Man in the middle is a way of fooling you into thinking you are connecting to your network when you are in fact connecrting to another one entirely. If done correctly you wouldn't even know.
You can't be a man in the middle as such when it comes to getting the Wifi password. It is done by passively sniffing what it sent between the client and router because it is sent out for anyone to read, rather than someone being in the middle of the client and router..


Maybe injecting some packets pretending to be the client de-authenticating to force it to send the encrypted password more times so you have more data to use for cracking is used, but thats not MITM either.


Once you are in you can use a device on the network to MITM via arp poisoning locally or maybe setting a routers DNS to one under your own control, so you can force every website to go through your own rogue server by replying to every DNS request with the rogue server IP, which in turn does the listening before forwarding traffic.
Qtx is offline   Reply With Quote
Old 27-06-2017, 14:46   #53
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: Virgin Media urges password change over hacking risk

Quote:
Originally Posted by Qtx View Post

You can't be a man in the middle as such when it comes to getting the Wifi password. It is done by passively sniffing what it sent between the client and router because it is sent out for anyone to read, rather than someone being in the middle of the client and router..


Maybe injecting some packets pretending to be the client de-authenticating to force it to send the encrypted password more times so you have more data to use for cracking is used, but thats not MITM either.


Once you are in you can use a device on the network to MITM via arp poisoning locally or maybe setting a routers DNS to one under your own control, so you can force every website to go through your own rogue server by replying to every DNS request with the rogue server IP, which in turn does the listening before forwarding traffic.
Seriously???

I won't post the source for obvious reasons.

Quote:
Pwnstar9 for WPA Phishing and Open Hotspots for community testing.


Features

1. Complete control of most aspects of the Rogue AP process. Such as mac spoofing, channels, AP names of various components, 2nd wifi device options and all aspects of internet connection when access thru captive portal.

2. Passive and Active DOS processes all run from only one(1) wifi device supporting packet injection. Passive DDOS allows RogueAP Clones running parallel with Rogue AP and still supporting active DDOS when required.

3. 17 Web Page folders supporting dns spoof and captive portals for both Open Web Sites, WPA Phishing AND WPA Enterprise

4. MITMf and sslslip, sslslip+ and sslstrip are setup thru menu options as required by user.

5. WPA Downgrade added to active DDOS choices available.

6 HTTPS trap to avoid warning to phish

7. Options for use of two(2) wifi devices

You can download the zip which contains a lengthy help file.
and

Quote:
HandShaker uses the aircrack-ng set of tools to automatically detect, deauth, capture and crack WPA/2 EAOPL handshakes:
and

Quote:
-Assisted Handshake capturing
-Wpa/wpa2 decrypting
-DoS
-Wps own pin database, bruteforce&dict attacks, Pixie Dust (all with reaver and bully)
-Evil Twin attacks on 5 different modes (captive portal, sniffing with sslstrip, sslstrip2+BeEF using bettercap, etc).
-Auto-updating (can be disabled).
-etc
Finally
https://en.wikipedia.org/wiki/Evil_t...less_networks)
pip08456 is online now   Reply With Quote
Old 27-06-2017, 15:30   #54
Qtx
CF's Worst Nightmare
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Qtx has a bronzed appealQtx has a bronzed appeal
Qtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appeal
Re: Virgin Media urges password change over hacking risk

EvilTwin networks have their uses but are a different kind of attack, but generally you don't use them to get a WPA2 password to crack. These days you may use a rogue access point as a way of social engineering someone to enter their router password, via the captive portal and asking for router password via a web page, like Pwnstar can do. The tools mentioned like aircrack, reaver/pixie are the same you would use on a computer rather than an AP. When they are used, no matter where, they are still not MITM attacks. Once connected to the rogue AP, then the SSL strip and such are the MITM attacks.

Even with MAC spoofing and all the other tricks, there are limitations and advances mean not all devices are fooled by rogue ap's now. Getting a client to send to a cloned MAC of a network it has connected before can be difficult. But my original post was getting the right terminology for each attack based on the thread being about WPA2 passwords. Throwing a web page on open network asking for the router password like pwnstar does is hit and miss and I would call social engineering rather than a MITM. . Throwing packets on a wifi frequency to capture IVS or WPA handshakes to crack is different, and certainly not MITM.


#IlovemyPineapple

Last edited by Qtx; 27-06-2017 at 15:38.
Qtx is offline   Reply With Quote
Old 27-06-2017, 15:46   #55
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: Virgin Media urges password change over hacking risk

You are correct to a point. Reaver, bully and pixiedust are dead in the water as ISP's have to a great extent protected against those forms of attack. Pixiedust was phenomenal in the way it did it, that took only minutes to crack the password. A community Dev just to get the router manufacturers to fill the wide open hole in security.

I'm busy for the next couple of weeks but when I have time I'll tell my neighbour I'm going to test his security and see if he falls for an EvilTwin or MITM attack. He won't mind me doing it but I won't tell him what I'm doing until afterwards. I hope he doesn't have a panic attack!!!
pip08456 is online now   Reply With Quote
Old 27-06-2017, 16:02   #56
Qtx
CF's Worst Nightmare
 
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
Qtx has a bronzed appealQtx has a bronzed appeal
Qtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appealQtx has a bronzed appeal
Re: Virgin Media urges password change over hacking risk

Wifiphisher is more up to date than pwnstar but does a similar job. Might be worth you looking at.

Yeah loved the flaw that Pixiedust used to increase the crack speed. Pixie/Reaver can still work with the right timeouts between attempts but slow compared to forcing clients to reconnect and capturing the handshake to crack.

Thanks to power saving modes on computers and laptops, you rarely see them active on a wifi network unless the person is a heavy user. More likely to find smart tv's, android/apple phones and tablets , maybe apple tv and some gaming consoles. Still rare to find many IOT devices checking random networks, allegedly...

Netdiscover is a nice tool to monitor a network to show when devices come online/join the network. Uses ARP packets as it's method.

People should really use these tools to check the security of their own networks, especially if you live in flats or a high density area.

Nethunter on a few select mobile phones is good too, although best hooked up to an alfa wifi adapter via OTG Y cable and power block. Same can be done with a Pi but Nethunter has a nice front end for the phone
Qtx is offline   Reply With Quote
Old 27-06-2017, 16:31   #57
pip08456
Sad Doig Fan!
 
pip08456's Avatar
 
Join Date: Aug 2007
Location: Barry South Wales
Age: 67
Services: With VM for BB 250Mb service.(Deal)
Posts: 11,647
pip08456 has a nice shiny starpip08456 has a nice shiny star
pip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny starpip08456 has a nice shiny star
Re: Virgin Media urges password change over hacking risk

I know all about those tools you mention but I didn't want to put temptation in the way of users here. That's why I deliberately haven't posted source links.

We are on the same wavelength so you should understand where I'm coming from.

One thing to mention for the rest viewing this discussion.

SKY routers - Yes there is an algorithm that determines the default password.

VM - There is no algorithm known as yet (there has to be one) but there are large lists of default passwords available.

Bottom line, change the default password!
pip08456 is online now   Reply With Quote
Old 29-06-2017, 19:07   #58
iadom
Oh Lanky Lanky.
 
iadom's Avatar
 
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: 2 V6 running 360. 500mb BB, Phone line, mobile simm.
Posts: 7,956
iadom has a nice shiny stariadom has a nice shiny star
iadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny star
Re: Virgin Media urges password change over hacking risk

Down at my daughters going to try and change her router settings. Does the router have to be connected via ethernet cable to change settings. I have an SH2 but hers is an SH1. Using my iPad brings up a slightly different login screen to the one I get at home.The login page on her router asks for 'settings' password and WPS PIN. entering the eight letter 'pass phrase' and the eight number WPS pin doesn't allow access?

Last edited by iadom; 29-06-2017 at 19:50.
iadom is offline   Reply With Quote
Old 29-06-2017, 21:25   #59
BenMcr
Virgin Media Staff
 
Join Date: Nov 2006
Location: Manchester
Services: 360 x2, Maxit TV, Sky Sports and Sky Cinema. Gig1
Posts: 17,929
BenMcr has a pair of shiny starsBenMcr has a pair of shiny starsBenMcr has a pair of shiny starsBenMcr has a pair of shiny stars
BenMcr has a pair of shiny starsBenMcr has a pair of shiny stars
Re: Virgin Media urges password change over hacking risk

The settings password is not the wireless passphrase. If it's asking for the WPS PIN as well then it's still the default settings password - 'changeme'
__________________
I work for Virgin Media but all views are my own.
BenMcr is offline   Reply With Quote
Old 29-06-2017, 21:37   #60
iadom
Oh Lanky Lanky.
 
iadom's Avatar
 
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: 2 V6 running 360. 500mb BB, Phone line, mobile simm.
Posts: 7,956
iadom has a nice shiny stariadom has a nice shiny star
iadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny stariadom has a nice shiny star
Re: Virgin Media urges password change over hacking risk

Thanks Ben, I did eventually work it out have reset both passwords.
iadom is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 11:54.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.