O2 and Plusnet respond to potential XSS modem security issues

07 September 2009

O2 and BT subsidiary internet service provider Plusnet have both responded to a potential XSS security flaw identified in the Thomson TG565 and TG565n wireless broadband routers they issue to their internet users.

As reported by Infosecurity late last week, security researcher Paul Mutton caused a stir by revealing in his blog that the Thomson modems could be susceptible to a cross-site scripting (XSS) security flaw similar to the one affecting websites.

In a notice issued late Friday, O2 said it was planning to release a fix for the XSS security problem to its modem users.

"Having been notified of a potential security issue with our O2 wireless box we have been working to find a solution. We have taken this issue very seriously and have been continuing to investigate it with the router's manufacturer, Thomson", said O2.

"As a result we have identified a solution and we will be applying this remotely to all of our customers' O2 wireless boxes. This means that customers will not have to take any action themselves", O2 added.

On Saturday morning, meanwhile, Plusnet, which issues a customised version of the Thomson modem to its subscribers, said it had "been made aware of a potential [XSS] security vulnerability in the Thomson 4-port wireless router we supply."

"Although we don't believe that any of our customers have been affected, and that the potential risk is extremely low, we are issuing instructions on how you can further protect your router", said the note from Nick Dodds, Plusnet's customer support manager.

"We are advising our customers, whether you have a 585v7, or any other model of router, to change the default 'router admin' username and password."

Plusnet has published instructions on its website on how to change the password on the Thomson routers to overcome the XSS problem.
