I had a customer bring in a 1 day old system be bought on April 19.
He complained after being connected to the Internet for awhile "and browsing e-bay" he got a pop-up which blocked Internet access and demanded he enter his Username/PW to reconnect to the router (which he entered) as well as the more familiar 800 number for "help".
Is this a signature of a new router exploit that seems to have hit the news? I formatted and reloaded Windows as a precaution.
Thanks in advance for any replies.
(I advised customer to contact his ISP for instructions to change router P/W).
An aside but the radio is going nuts in Philadelphia with Comcast commercials that state it's now so easy to change your router password to something easy to remember. Isn't this a recipe for disaster for brute force dictionary attacks?
I can't say what went on as far as the pop-up, etc., without having actually seen what came up, but it sounds like a conventional phishing expedition variant to me.
As to changing your modem-router password to something easier to remember, that's something I encourage all my clients to do. The probability of any given home user's modem-router being targeted by a brute force dictionary attack is really, really low. If you encourage them to use something that's very easy for them to remember, but very hard to generally guess, and that's at least as long as the original password they should be fine. I always encourage folks to use what I call the "Portmanteau Method" of creating a memorable password. Combine several elements from your life that include numbers (e.g. the house number of the first address you had as a child or as an adult), letters (like the name of your favorite pet, long dead now, and that uses a capital letter, or a combination of the first name of your maternal grandfather and first name of your paternal Grandmother), and at least one special character. I tend to tell folks to pick a consistent position for the number component and special character component in all their generated passwords, as that makes them easier to mentally reconstruct when you need to.
I have yet to see a password of that style compromised.
Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134
. . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it. The willing suspension of disbelief has its limits, or should.
~ Ruth Marcus, November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story