I am a little disturbed by ATT

Mentor

Right now I am a little disturbed by ATT. I tried going to the standard http://gateway.2wire.net/ and it had an issue connecting. Apparently ATT doesn't allow you to access the firewall this way anymore, but still allows the old other standard of access, http://192.168.1.254. Now this isn't what I am disturbed about. What I am disturbed about is the interface has changed a lot since I was last here, including writing my custom password I made for security reasons straight on the home page. All of our passwords have been leaked by ATT and put onto our firewall's homepage. Whose idea was this?! This is horrible! and a security risk! AHHHH!!!!!!!!!!!!!!!!!!!!!!!!

Message 1 of 15

Re: I am a little disturbed by ATT

Here goes my theory.

 

Since the default passcode is printed on the side of the gateway, it's not much of a big deal that it would also appear on the portal. The new Gateway firmware shows the passcode for your convenience.

 

The passcodes are not being leaked because only devices that have been connected to the Gateway are able to view the passcode. With an administrator account on Windows you can easily view the saved passcodes for previous networks you've connected to.

 

You can change the default Gateway IP address (although, I personally don't suggest it) and also use MAC filtering to define a White-list to prevent any additional devices from connecting. Most administrative tasks require the access code printed on the side of the box.

 

In short, the biggest downside is that everyone you grant access to the wireless network will find it easy to locate the passcode. However, they could recover it from their own saved networks list on their computers. I'd suggest being wary of who you allow on your network.

Message 2 of 15
Mentor

Re: I am a little disturbed by ATT

Once again, it's a custom passcode, and the password to the whole network is displayed on the firewall. As in it's not displayed in windows that I am worried about. I am worried about it being displayed via a web browser. As long as they can hack a custom wifi password, they can get the other password to the whole network and infest everything with a virus.

Message 3 of 15

Re: I am a little disturbed by ATT

Alright, I'm not sure we're on the same page.
You changed the default network key to one of your own choosing, correct?
If so, then you are concerned about the key you created from appearing when you navigate to http://192.168.1.254.

This is where I might be getting confused. Does your custom passcode refer to the Access Code, and the password to the whole network the Network Key?
Message 4 of 15

Re: I am a little disturbed by ATT


julywashere wrote:
Alright, I'm not sure we're on the same page.
You changed the default network key to one of your own choosing, correct?
If so, then you are concerned about the key you created from appearing when you navigate to http://192.168.1.254.

This is where I might be getting confused. Does your custom passcode refer to the Access Code, and the password to the whole network the Network Key?

 

I think what the OP is referring to is an issue with the NVG510 (which explains the lack of response to the 2WIRE address) whereby just navigating to the unsecured homepage of the modem/router you can see the wireless access key displayed in plain text (default or customized).

 

This can be a security risk under some conditions, but one would have to be either already connected to the modem/router's wired network, or already connected to the modem/router's wireless network to access the homepage of the modem/router.

 

As far as retrieving the access key from a computer that was already connected, it's not normally available with a PC because passwords are not normally shown in plain text, although they've "dumbed down" the process on a lot of mobile devices by allowing the conversion of the password entry field to plain text (I think Apple started that trend, figures).

__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I really want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------
There are three kinds of people, those that can count, and those that can't.
------------------------------------------------------------------------------------
“Our great democracies still tend to think that a stupid man is more likely to be honest than a clever man, and our politicians take advantage of this prejudice by pretending to be even more stupid than nature has made them." :Bertrand Russell

                              

Message 5 of 15

Re: I am a little disturbed by ATT


Computer-Joe wrote:

julywashere wrote:
Alright, I'm not sure we're on the same page.
You changed the default network key to one of your own choosing, correct?
If so, then you are concerned about the key you created from appearing when you navigate to http://192.168.1.254.

This is where I might be getting confused. Does your custom passcode refer to the Access Code, and the password to the whole network the Network Key?

 

I think what the OP is referring to is an issue with the NVG510 (which explains the lack of response to the 2WIRE address) whereby just navigating to the unsecured homepage of the modem/router you can see the wireless access key displayed in plain text (default or customized).

 

This can be a security risk under some conditions, but one would have to be either already connected to the modem/router's wired network, or already connected to the modem/router's wireless network to access the homepage of the modem/router.

 

As far as retrieving the access key from a computer that was already connected, it's not normally available with a PC because passwords are not normally shown in plain text, although they've "dumbed down" the process on a lot of mobile devices by allowing the conversion of the password entry field to plain text (I think Apple started that trend, figures).



Yes, this was my initial thought for both the first and second parts. My confusion comes from the fact that in order to make any significant changes, the access code would be necessary. (Which would require physical access to the Gateway, unless the default passcode was matched to the Network key, which would pose a huge security threat.)

 

On the third part, wireless passwords are not stored as plain text. When you connect to a wireless network, the passcode is converted from plain text to be stored. Which is why those with technical savvy (or the correct software application) are able to retrieve the passcode.

However, in Windows 7 and later, any user with an administrator account can navigate to the security section of the wireless network properties. Here there is a check box that says "Show Characters" and upon checking it, the previously saved wireless key is displayed in plain text.

 

In OSX it can similarly be viewed through Keychain Access. (Under Login Keychains and Passwords)

Message 6 of 15
Mentor

Re: I am a little disturbed by ATT

My issue was that anybody can hack a wireless password, and my network password (the one that's not for the wireless connection) shows up when I go to the homepage to the firewall. Which would give anyone access to changing wireless passwords and locking me out and causing mayhem amongst my network. I know the likelihood would be small, but it's still a security risk. When AT&T updated the firmware, turns out all I need to do for my old 2wire modem is to do http://gateway.pace.com/ to access the network instead of the http://192.168.1.254 fallback. My network key is different than my wireless key (both are custom set by myself).

Message 7 of 15

Re: I am a little disturbed by ATT


RadioFreeRO wrote:

My issue was that anybody can hack a wireless password, and my network password (the one that's not for the wireless connection) shows up when I go to the homepage to the firewall. Which would give anyone access to changing wireless passwords and locking me out and causing mayhem amongst my network. I know the likelihood would be small, but it's still a security risk. When AT&T updated the firmware, turns out all I need to do for my old 2wire modem is to do http://gateway.pace.com/ to access the network instead of the http://192.168.1.254 fallback. My network key is different than my wireless key (both are custom set by myself).


Again, the only way one could see that code is if they were ALREADY connected to your network, which means you have granted access or given the passcode to someone.  No one else can see that passcode regardless of what you see on that home screen.

” Auto racing, bull fighting, and mountain climbing are the only real sports … all others are games.”- Ernest Hemingway
Message 8 of 15
Mentor

Re: I am a little disturbed by ATT

Let me give you an example oufanindallas of why this is an issue. I have my network locked up, and today what did I see on the Blu-ray player for about 1 minute? Someone's bloody gash in their leg because their phone hacked my network and started the media renderer option on the player with their phone. It's a closed network and yet someone driving by hacked the network without thinking. Granting access means nothing when someone can hack your network. It's still an issue, and (no offense) sorry to say you clearly didn't listen to my previous posts or know anything about computers.

Message 9 of 15

Re: I am a little disturbed by ATT


RadioFreeRO wrote:

Let me give you an example oufanindallas of why this is an issue. I have my network locked up, and today what did I see on the Blu-ray player for about 1 minute? Someone's bloody gash in their leg because their phone hacked my network and started the media renderer option on the player with their phone. It's a closed network and yet someone driving by hacked the network without thinking. Granting access means nothing when someone can hack your network. It's still an issue, and (no offense) sorry to say you clearly didn't listen to my previous posts or know anything about computers.


 

Well, first of all. If you have your "network locked up" properly, someone just driving by with their phone is not going to be able to hack your network, and even if they did, it wouldn't matter then that the key is in plain text because they've already cracked your security without access to the key.

 

If your Bluray is accepting stray signals from another source, that is a problem with the Bluray.


                              

Message 10 of 15
ACE - Expert

Re: I am a little disturbed by ATT


RadioFreeRO wrote:

My issue was that anybody can hack a wireless password, and my network password (the one that's not for the wireless connection) shows up when I go to the homepage to the firewall. Which would give anyone access to changing wireless passwords and locking me out and causing mayhem amongst my network. ...


This is not correct.  You need the security password, which is not displayed on the screen, to change the wireless access password.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 11 of 15

Re: I am a little disturbed by ATT


RadioFreeRO wrote:

Let me give you an example oufanindallas of why this is an issue. I have my network locked up, and today what did I see on the Blu-ray player for about 1 minute? Someone's bloody gash in their leg because their phone hacked my network and started the media renderer option on the player with their phone. It's a closed network and yet someone driving by hacked the network without thinking. Granting access means nothing when someone can hack your network. It's still an issue, and (no offense) sorry to say you clearly didn't listen to my previous posts or know anything about computers.


Sorry to burst your bubble, but you are incorrect. If they were able to hack your network then you didn't have it "locked up" as you say. Again, having your passkey in plain text on the homepage has nothing to do with this. As for knowing nothing about computers, I've spent the last 27 years working with them in various capacities, so again, sorry to burst your bubble.

Message 12 of 15
Mentor

Re: I am a little disturbed by ATT

Obviously none of you watch Hak5 or any other technology based programming. You can hack a wireless key in seconds with a cell phone, laptop, or practically any other device while you drive by. Clearly you guys don't know anything about computers or networks otherwise you would know the process of hacking is fairly simple and people war driving my network is a problem because they've hacked my wifi, and on the front page of the firewall is the password to the whole network security settings. AT&T and PACE doing this is a huge security issue.

Message 13 of 15
Expert

Re: I am a little disturbed by ATT


RadioFreeRO wrote:

 

... they've hacked my wifi, and on the front page of the firewall is the password to the whole network security settings.


 

The password that is displayed on the home page of the AT&T router is the wireless network key.  No other password is shown there.

 

If someone has already hacked your wireless network, they don't need this password, because they're already connected to your network.

 

So what are you complaining about?  If someone can hack your wireless network, it doesn't matter whether the password is displayed on this page or not.

 

 

Message 14 of 15

Re: I am a little disturbed by ATT


RadioFreeRO wrote:

Obviously none of you watch Hak5 or any other technology based programming. You can hack a wireless key in seconds with a cell phone, laptop, or practically any other device while you drive by. Clearly you guys don't know anything about computers or networks otherwise you would know the process of hacking is fairly simple and people war driving my network is a problem because they've hacked my wifi, and on the front page of the firewall is the password to the whole network security settings. AT&T and PACE doing this is a huge security issue.


 

Obviously you've been misled or you misunderstood what you read or heard.

 

As I said before, if your wireless network is properly secured nobody is going to hack it in a few seconds driving by with their cellphone, period.

 

Properly secured means WPA2/AES, MAC filtering, non-broadcasting SSID, non-default password of at least 10 characters including upper and lower case letters with numbers and symbols (*_!#@$ etc.) as well as disabling WPS and UPnP if possible.


                              

Message 15 of 15
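
Added example (not part of any post in this thread and not an AT&T or Pace tool): the "properly secured" checklist from Message 15 written as a small Python audit over settings copied by hand from the gateway's pages. The dictionary keys and the sample values are assumptions made for the illustration.

```python
import string

# Hypothetical setting names; real gateways label these differently.
REQUIRED_CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_KEY_LENGTH = 10  # "at least 10 characters" per Message 15


def key_problems(key, default_key=None):
    """Return the reasons a Wi-Fi key misses the post's password rule."""
    problems = []
    if default_key is not None and key == default_key:
        problems.append("key is still the factory default")
    if len(key) < MIN_KEY_LENGTH:
        problems.append(f"key shorter than {MIN_KEY_LENGTH} characters")
    for name, chars in REQUIRED_CLASSES.items():
        if not any(c in chars for c in key):
            problems.append(f"key has no {name} character")
    return problems


def audit(settings):
    """Check a dict of gateway settings against the post's checklist."""
    findings = []
    if settings.get("security") != "WPA2" or settings.get("cipher") != "AES":
        findings.append("encryption is not WPA2/AES")
    if not settings.get("mac_filtering", False):
        findings.append("MAC filtering is off")
    if settings.get("ssid_broadcast", True):
        findings.append("SSID is broadcast")
    if settings.get("wps_enabled", True):
        findings.append("WPS is enabled")
    if settings.get("upnp_enabled", True):
        findings.append("UPnP is enabled")
    findings += key_problems(settings.get("key", ""), settings.get("default_key"))
    return findings


# Constructed sample: values transcribed by hand, not read from a real device.
SAMPLE = {
    "security": "WPA2", "cipher": "TKIP", "mac_filtering": False,
    "ssid_broadcast": True, "wps_enabled": True, "upnp_enabled": False,
    "key": "summer2013", "default_key": "1234567890",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

Settings that are missing from the dictionary are treated as failing, so an incomplete transcription does not pass by accident.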