Anyone who is with Virgin Media and has the SuperHub should read the following article:

http://ramblingrant.co.uk/2014/03/06/virgin-media-superhub-7-second-security-flaw/


Stop using default passwords on your router control panels. Change the password today.

Common sense really, like I said on twitter something vm could technically fix very easily (with regards to the changeme rather than 7 second flaw)

mines gets changed regularly anyway

no-one is going to sit outside your house and wait for your router to be restarted.

Not entirely convinced that the old people next door are going to write a program to force my router to reboot just so they can use my wifi

no-one is going to sit outside your house and wait for your router to be restarted.


Not entirely convinced that the old people next door are going to write a program to force my router to reboot just so they can use my wifi

And you shouldn't be leaving the default admin password on the router. Surely?

And you shouldn't be leaving the default admin password on the router. Surely?

why not? no-one knows the password to connect to it?

don't need to, can join during the 7 seconds of booting and change it for you

And you shouldn't be leaving the default admin password on the router. Surely?

I haven't but it's still a stupid scenario :P

Common sense really, like I said on twitter something vm could technically fix very easily (with regards to the changeme rather than 7 second flaw)

Sites often use changeme as default passwords to and I find it a very bad practise. A lot of routers now use things like the serial number or something else unique as the password which is a lot better as face it, there's lot's of people out there who probably know nothing about routers

Well as of recent years, instead of leaving the WiFi unsecure as default they add some security to it with a random generated key and print the key on a sticker and put it on the router

So they could very easily do the same for the password, even if it means 1000 routers have the same password then the next 1000, or 100 or whatever they do with the wifi.

http://www.virginmedia.com/images/label_black.gif

Just a matter of changing the password to the random generated one.

Simples

I have the default password but I have mac filtering enabled on the connection, would that make a difference?

Should do, says it allows connection during the 7 seconds but not bypassing filters.

They just tweeted me the following:


@mattgarner Hi Matt. We'll be rolling out an update to firmware very soon. We encourage all customers to change their default passwords on install. Follow our simple guide here: http://virg.in/sh2pass