> QUOTE(SlayerXT @ Jun 3 2010, 01:25 AM)

i mean "credit" ... hahaaa..

Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

Jun 3 2010, 07:53 AM
Senior Member
2,104 posts Joined: Oct 2006

Jun 3 2010, 09:09 AM
Junior Member
257 posts Joined: Feb 2007

> QUOTE(rizvanrp @ Jun 3 2010, 04:10 AM)

Thx for sharing all this. Thanks for all the effort!

Jun 3 2010, 09:28 AM
Junior Member
41 posts Joined: Mar 2007

this is posted on The Star also: http://techcentral.my/news/story.aspx?file...235&sec=it_news

Jun 3 2010, 10:26 AM
VIP
3,055 posts Joined: Jan 2003

@rizvanrp,

Thanks for all the research and sharing them. For those whose Remote Management is enabled, did TM even bother to ensure that it is configured to allow only their own technicians to access? E.g. Lock IP address, etc. That newspaper article did not address the main problem.

> QUOTE(schmeichel7 @ Jun 3 2010, 01:59 AM)
>
> It is a shame on how this was not planned properly.... And I'm not surprised that TM quickly released that statement to safeguard their business and potential future customers.. Who wants to subscribe to unifi if they feel insecure and worried due to the risks.. If only they planned things properly in the first place.. Remote support can be done in a proper way..

Precisely. Remote management is not the main issue. It's the way they did it. Not only did they not tell users, consumers and commercial, that there is a superior hidden root access account, but they also chose to use a generic password for all their routers. The way it's being done currently, it's just plain laziness.

> QUOTE(Moogle Stiltzkin @ Jun 3 2010, 03:57 AM)
>
> This is frakkin bullshit. All they said is
>
> 1. they are keeping remote access despite our complaints for the CHOICE of not having it (we don't want them poking around inside our stuff. And we don't want a backdoor for l33t hackers.)
> 2. Their only solution is to change the operator password so we cannot access....... so if we can't access, how do we bypass their shitty router and use our own using Riv's method of making the Dir-615 a vlan bridge (i refuse to use their 32 concurrent connections capable hardware for routing my p2p downloads), and connect it to our own router instead.
>
> Why is tmnut ignoring the other issue at hand??? They did not even mention any solution for letting us use our own routers. That is bullshit

Actually, if you read that carefully, they said they will change the passwords and then share that password with the customer. If they live up to their word, once they change it and inform you the new password, just change it back to another password.

If TM needs access in future, let them call you and you can reset the password to a temp password, let them use it and then change the password again in future.

This post has been edited by +Newbie+: Jun 3 2010, 10:31 AM

Jun 3 2010, 10:36 AM
Senior Member
4,458 posts Joined: Jan 2003

> QUOTE(+Newbie+ @ Jun 3 2010, 10:26 AM)
>
> Actually, if you read that carefully, they said they will change the passwords and then share that password with the customer. If they live up to their word, once they change it and inform you the new password, just change it back to another password.
>
> If TM needs access in future, let them call you and you can reset the password to a temp password, let them use it and then change the password again in future.

Oh :/

Well if that is the case, we will just have to see then

This post has been edited by Moogle Stiltzkin: Jun 3 2010, 10:37 AM

Jun 3 2010, 10:51 AM
Junior Member
84 posts Joined: Feb 2005

Jun 3 2010, 11:15 AM
Elite
4,956 posts Joined: Jan 2003

Actually if they wanted to create a unique password, it would be easy cause they already have the customer information, and could do easy substitution to create a pretty strong password which tmnet can easily use to access cause they have your personal information which other people do not have.

This would have pretty much avoided the issue. Although I still do not like the idea of tmnet being able to remotely access my router.

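One way to give every router its own management password that the provider can still recompute on demand, which is the idea raised in the post above. This is an added example, not part of the original thread and not TM's provisioning: it swaps the post's substitution on customer details for a keyed HMAC over a device identifier, and the master key, device identifiers and epoch counter are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the thread).
MASTER_KEY = bytes(range(32))  # stand-in for a secret held only by the provider
DEVICES = ["00:11:22:AA:BB:01", "00:11:22:AA:BB:02"]  # made-up router MACs


def derive_password(master_key: bytes, device_id: str, epoch: int = 0,
                    length: int = 20) -> str:
    """Derive a per-device management password the key holder can recompute.

    Bumping epoch rotates one device's password without touching the others.
    """
    if len(master_key) < 32:
        raise ValueError("master key must be at least 32 bytes")
    if not 12 <= length <= 52:
        raise ValueError("length must be between 12 and 52 characters")
    # Normalise so 'aa:bb' and ' AA:BB ' refer to the same device.
    ident = device_id.strip().upper()
    msg = f"router-mgmt|{ident}|{epoch}".encode()
    digest = hmac.new(master_key, msg, hashlib.sha256).digest()
    # Base32 is easy to read out over the phone; 20 characters carry 100 bits.
    return base64.b32encode(digest).decode().rstrip("=").lower()[:length]


def check_password(master_key: bytes, device_id: str, candidate: str,
                   epoch: int = 0) -> bool:
    """Compare a candidate with the derived value in constant time."""
    expected = derive_password(master_key, device_id, epoch)
    return hmac.compare_digest(expected.encode(), candidate.encode())


def fleet_passwords(master_key: bytes, device_ids, epoch: int = 0) -> dict:
    """Map each device to its own password; no two devices share one."""
    return {d: derive_password(master_key, d, epoch) for d in device_ids}


if __name__ == "__main__":
    for dev, pw in fleet_passwords(MASTER_KEY, DEVICES).items():
        print(dev, pw)
```
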

Jun 3 2010, 12:57 PM
Newbie
4 posts Joined: Jun 2007

Dear Riz,

Again, thanks for all that you're doing. M'sia is such a screwed up place, full of rhetorics like the bullshit 1MalangSial and now TM Nut is screwing us conned-sumers. Lucky for us, we have you to make this country a much better place.

What you've suggested to me sounds complicated. I'll need to check with TM and get them to come over. Then, work with them on changing the accessibility and password.

Have a great day ahead!!!

Jun 3 2010, 01:14 PM
Senior Member
2,104 posts Joined: Oct 2006

> QUOTE(unker @ Jun 3 2010, 12:57 PM)
>
> Dear Riz,
>
> Again, thanks for all that you're doing. M'sia is such a screwed up place, full of rhetorics like the bullshit 1MalangSial and now TM Nut is screwing us conned-sumers. Lucky for us, we have you to make this country a much better place.
>
> What you've suggested to me sounds complicated. I'll need to check with TM and get them to come over. Then, work with them on changing the accessibility and password.
>
> Have a great day ahead!!!

TMnut screw us since dial - up and streamyx era.. lolzz

Jun 3 2010, 01:28 PM
Senior Member
1,473 posts Joined: Oct 2006 From: Jupiter

wah, the star posted this news somemore,

riz, you've done really well

They said, hacker unlikely can success to hack a user because of don't know the target's IP address, ok la, Dynamic IP always change IP, but to check a user's current IP isn't hard, even we can do it, but only valid at the time that user still stay connected as the same ip,

How about Unifi for business? static IP address, once the hacker knows the ip address, business unifi user always risky, as long the remote management still remain opened

This post has been edited by squall0833: Jun 3 2010, 01:40 PM

Jun 3 2010, 01:55 PM
Elite
195 posts Joined: Sep 2006

> QUOTE(squall0833 @ Jun 3 2010, 01:28 PM)
>
> wah, the star posted this news somemore,
>
> riz, you've done really well
>
> They said, hacker unlikely can success to hack a user because of don't know the target's IP address, ok la, Dynamic IP always change IP, but to check a user's current IP isn't hard, even we can do it, but only valid at the time that user still stay connected as the same ip,
>
> How about Unifi for business? static IP address, once the hacker knows the ip address, business unifi user always risky, as long the remote management still remain opened

Like I said earlier, the Star didn't do their research properly. Dynamic IP.. so what? Just use a port scanner? You're only doing this because you want a free Unifi account/proxy.. doesn't matter who you hit. Dynamic IPs are all allocated in the same IP block for the same service.

This post has been edited by rizvanrp: Jun 3 2010, 01:56 PM

Jun 3 2010, 02:30 PM
Senior Member
1,473 posts Joined: Oct 2006 From: Jupiter

> QUOTE(rizvanrp @ Jun 3 2010, 01:55 PM)
>
> Like I said earlier, the Star didn't do their research properly. Dynamic IP.. so what? Just use a port scanner? You're only doing this because you want a free Unifi account/proxy.. doesn't matter who you hit. Dynamic IPs are all allocated in the same IP block for the same service.

yeah, so all unifi users who hasn't changed their configuration now, seriously unsecure

This post has been edited by squall0833: Jun 3 2010, 02:34 PM

Jun 3 2010, 03:13 PM
Junior Member
318 posts Joined: Dec 2004

just installed unifi today..

how to access the true admin account? can anyone inform me? already disabled the remote access

edited: opss.. okey.. just found it..

This post has been edited by rizfield: Jun 3 2010, 03:21 PM

Jun 3 2010, 03:20 PM
Elite
195 posts Joined: Sep 2006

> QUOTE(rizfield @ Jun 3 2010, 03:13 PM)
>
> just installed unifi today..
>
> how to access the true admin account? can anyone inform me? already disabled the remote access

Guides at http://unifi.athena.my/

Jun 4 2010, 01:26 AM
Senior Member
4,242 posts Joined: Aug 2006 From: Soviet Putrajaya

damn, after 2 hours reading the whole posts. i somehow do learn something in the process. man, makes me wonder how vulnerable i am right now by not changing my default password. i took it lightly and caused me numerous problems before.

thanks to TS for bringing this thing up to public. glad to know that our fellow LYN care to share the most important info as TM users.

Jun 4 2010, 10:17 AM
Newbie
0 posts Joined: Jun 2010

> QUOTE(+Newbie+ @ Jun 3 2010, 10:26 AM)
>
> @rizvanrp,
>
> Thanks for all the research and sharing them. For those whose Remote Management is enabled, did TM even bother to ensure that it is configured to allow only their own technicians to access? E.g. Lock IP address, etc. That newspaper article did not address the main problem.
>
> Precisely. Remote management is not the main issue. It's the way they did it. Not only did they not tell users, consumers and commercial, that there is a superior hidden root access account, but they also chose to use a generic password for all their routers. The way it's being done currently, it's just plain laziness.
>
> Actually, if you read that carefully, they said they will change the passwords and then share that password with the customer. If they live up to their word, once they change it and inform you the new password, just change it back to another password.
>
> If TM needs access in future, let them call you and you can reset the password to a temp password, let them use it and then change the password again in future.

I dunno. I think it's ok if they change the password themselves, then tell the users. Maybe some users can configure router settings, but I doubt most people know how to do it.

Jun 4 2010, 03:13 PM
VIP
3,055 posts Joined: Jan 2003

> QUOTE(jinguan78 @ Jun 4 2010, 10:17 AM)
>
> I dunno. I think it's ok if they change the password themselves, then tell the users. Maybe some users can configure router settings, but I doubt most people know how to do it.

Yes. I think that's exactly what TM is going to do. They plan to change the passwords themselves, then share that new password with you. The other parts I mentioned are just optional steps a user can take if they decide not to trust the TM technicians.

Jun 6 2010, 03:41 PM
Senior Member
1,807 posts Joined: Jan 2003 From: KL

Not sure what's going on, seems TM put a temporary stop-gap measure in place by blocking connections on port 22 (SSH) heading for 110.159.* IPs.

I had someone enable remote SSH on his DIR-615. Using the default port 22, I wasn't able to connect from my Streamyx to his Unifi. (connection closed at remote end) Then I asked him to change the SSH port to a random 5-digit number, and voila I managed to login to router using putty. Like rizvan said, I was able to use his connection as a SOCKS proxy (ssh dynamic forwarding).

Jun 6 2010, 04:14 PM
Junior Member
159 posts Joined: Mar 2009

> QUOTE(socratesman @ Jun 6 2010, 03:41 PM)
>
> Not sure what's going on, seems TM put a temporary stop-gap measure in place by blocking connections on port 22 (SSH) heading for 110.159.* IPs.
>
> I had someone enable remote SSH on his DIR-615. Using the default port 22, I wasn't able to connect from my Streamyx to his Unifi. (connection closed at remote end) Then I asked him to change the SSH port to a random 5-digit number, and voila I managed to login to router using putty. Like rizvan said, I was able to use his connection as a SOCKS proxy (ssh dynamic forwarding).

By blocking ports, won't really help much, tho it probably will cause some troubles for users who ssh a lot to their servers. Who knows, some of the unifi users does host a personal web server?

Thanks for the heads-up, riz, will keep that in mind =)

Jun 6 2010, 04:42 PM
Elite
195 posts Joined: Sep 2006

> QUOTE(socratesman @ Jun 6 2010, 03:41 PM)
>
> Not sure what's going on, seems TM put a temporary stop-gap measure in place by blocking connections on port 22 (SSH) heading for 110.159.* IPs.
>
> I had someone enable remote SSH on his DIR-615. Using the default port 22, I wasn't able to connect from my Streamyx to his Unifi. (connection closed at remote end) Then I asked him to change the SSH port to a random 5-digit number, and voila I managed to login to router using putty. Like rizvan said, I was able to use his connection as a SOCKS proxy (ssh dynamic forwarding).

At least the LYN people who read my posts will be safe by securing their DIR-615 or using their own routers. There's just no way TM can magically give everyone a special unique router password combination now, it has to be done by the user. This is what happens when you don't even set up basic security and try to 'hide' things from the users. I'm pretty certain more stuff is going to happen when Unifi's coverage area expands and people have access to the Fiberhome units.

They should also be blocking port 8080, not just 22

This post has been edited by rizvanrp: Jun 7 2010, 09:08 AM

Topic Closed