Unifi Official TM UniFi High Speed Broadband Thread V7, News: VIP20, free installation till 31/12

rizvanrp
post Oct 25 2010, 04:46 PM

Getting Started
Group Icon
Elite
195 posts

Joined: Sep 2006



QUOTE(Tentris @ Oct 25 2010, 09:40 AM)
Riz,

I fully support your cause.

http://www.aizuddindanian.com/voi/2010/10/...uring-unif.html

Also, I have access to the senior management of TM (Head of Technology, Giorgio, Head of Marketing, Rozalila, Head of Corporate Affairs, Izlyn). I have shared the issue with them. They can't claim to be unaware of the issue any longer.

They need to be aware that this problem they have in their service potentially opens them up to legal liability. If a customer's network is compromised because of this loophole that they intentionally created, then they are liable for any damages that may be caused (e.g. to customers' hardware, or if information is stolen, etc.)
*
Thank you for doing that, Tentris. If they insist on keeping the remote management open (which is flawed due to the usage of a master password and the exploitable nature of the firmware itself), the blood is on their hands as far as I'm concerned. All this discussion was spawned from:

1) TM's inability to realize that customers want full control over their own network
2) TM's trust in the vendor to provide hardware with a decent level of security

Some people have compared this to TM-provided Streamyx routers with a default user/pass combo. The difference is that with Streamyx:

1) We've always had the ability to swap out their crappy hardware.
2) An attacker would not get an instant 5/10/20 Mbps uplink with your home network without you noticing that your uplink was saturated.
3) The TM Streamyx routers lack certain services which allow you to turn them into open proxies and the firmware itself is not exploitable AFAIK.
4) Streamyx speed is capped both at the physical and digital level.
5) Streamyx does not have a monthly 'quota'.

The ability to illegally increase your package speed (as rexio has kindly pointed out in his in-depth technical 'layman's' guide /sarcasm), use the HSBB speeds as fast open proxies, mine information from users and possibly bypass the download quota (in the future) makes these Unifi routers valuable targets to outsiders, especially since they're so easy to break into... as TM is encouraging customers to just leave everything open.

QUOTE
From what I can see in this forum, most of the subscribers prefer the technician/installer to install the Unifi as soon as possible. Do you think the technician/installer will even bother to help you change the username/password for each Unifi subscriber's house? It'll take a longer time, isn't it?

The idea that it would take a long time to simply change a password and notify the customer that there's a secondary hidden account in their router meant for administration purposes (as compared to running your roof pulling fiber optic cabling or something) is laughable. Do you have no work ethic? Should surgeons leave patients half open because they want to get off the operating table ASAP?

They can let the customer change this or set it to a shared variable such as a PPPoE password so only the customer + customer service staff have access to it. Most importantly, they have to disable the remote management and ask the customer to enable it only when it is needed (and patch the damn firmware). If you subscribe to this 'tidak apa, aku malas' attitude, then you deserve to be screwed over by other people. TM might as well set and lock the default wifi password to 'unifi' and claim that at least that way, every Malaysian will receive free high speed wifi access.

This is supposed to be some revolutionary new infrastructure for us Malaysians, why should we repeat the mistakes of the past? Just because it's already an issue with Streamyx, why let it continue with Unifi when we're starting with a clean slate? Frankly, I'm just disappointed that the LYN forums has to do all the technical support for such a large company.

---

To the others who have thanked me, no prob I guess

rizvanrp
post Oct 28 2010, 10:08 PM


QUOTE(kollerss @ Oct 28 2010, 09:26 PM)
Noob here just a question

I just heard rumors: will Unifi come to the area near Kelana Jaya, Taman Megah, Taman Mayang and some parts of Damansara Jaya next year, is that true? And I also heard that next year they are implementing the bandwidth cap.
*
DJ @ KDU side has been fully covered since April, not sure about the stretch from DJ -> Kelana Jaya LRT there though
rizvanrp
post Oct 30 2010, 11:12 PM


QUOTE(dmc0105 @ Oct 30 2010, 09:49 PM)
Just got my tp-link WR1043ND wireless router...

Went to rizzy site for guide and this happened...

*
Lolol, looks like someone hit my Joomla. Brb

EDIT : Lol, note to self -- don't use shared web hosting from Malaysian companies + Joomla.

This post has been edited by rizvanrp: Oct 30 2010, 11:24 PM
rizvanrp
post Oct 31 2010, 01:29 AM


QUOTE(dmc0105 @ Oct 31 2010, 01:06 AM)
Pls up ur webserver... Need to see the guide...
*
Site is back up but I'm gonna be moving to another host (dedicated linux box instead of shared hosting) + rebuilding the site.

QUOTE(MX510 @ Oct 31 2010, 01:11 AM)
What happened, got rooted?
*
Got hit by some new Joomla exploit. They were nice enough not to delete anything but left behind some of their files (compressed PHP shell). No idea what the hosting company is doing at the moment. Anyway, saw this coming a while back and I already set up a backup server but it's going to take some time to port it over.
rizvanrp
post Oct 31 2010, 04:42 PM


QUOTE(Acrisius @ Oct 31 2010, 04:28 PM)
That's the bad thing about Free Source, full of bugs. I think they just defaced your page without exploiting root access on the hosting server.
*
Lol, yeah. I found the initial attack vector along with a ly0kha shell scattered among the files in the shared hosting account. Had a feeling this entire month that something like this would happen so I had the site backed up + a static version planned to address the issue. For some reason, they took about 3 hours to compromise the account and I'm guessing that my webhost had an AV firewall which blocked PHP shells while they were trying to upload it.. so they compressed it twice and unpacked it once it was uploaded. My Joomla administrator directory was password protected so I assume that they exploited one of the default Joomla modules (as I never installed any 3rd party ones and disabled most of them). Some googling shows they hit a few other websites with the same exploit.

Doesn't matter anyway, site is back up on a hardened VPS.

UPDATE: Looks like it wasn't just my site that was hit, a few Shinjiru servers were rooted.

This post has been edited by rizvanrp: Oct 31 2010, 09:19 PM
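
Added example, not part of the original posts: the post above guesses that an upload filter missed the PHP shell because it had been compressed twice. A scanner that unwraps nested gzip/zip layers before matching content closes that gap; the marker list, depth limit, size cap and sample bytes below are assumptions constructed for illustration.

```python
import gzip, io, re, zipfile, zlib

MAX_DEPTH = 5                 # assumption: unwrap at most 5 nested layers
MAX_BYTES = 10 * 1024 * 1024  # assumption: per-layer output cap (zip-bomb guard)
# Assumption: a deliberately small marker set, not a complete signature list.
PHP_MARKERS = re.compile(rb"<\?php|eval\s*\(|base64_decode\s*\(", re.I)

def unwrap(data):
    """Return [(name, bytes)] for the payloads one compression layer down."""
    try:
        if data[:2] == b"\x1f\x8b":                   # gzip magic
            return [("gzip", zlib.decompressobj(31).decompress(data, MAX_BYTES))]
        if data[:4] == b"PK\x03\x04":                 # zip local file header
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return [(i.filename, zf.read(i)) for i in zf.infolist()
                        if i.file_size <= MAX_BYTES]
    except (zlib.error, zipfile.BadZipFile, RuntimeError):
        pass                                          # corrupt or encrypted layer
    return []

def find_php(data, path="upload", depth=0):
    """Return the layer chain of every place PHP-looking content appears."""
    hits = [path] if PHP_MARKERS.search(data) else []
    inner = unwrap(data)
    if inner and depth >= MAX_DEPTH:
        # Still wrapped at the limit: report it instead of passing it silently.
        return hits + [path + " (depth limit reached)"]
    for name, blob in inner:
        hits += find_php(blob, f"{path} > {name}", depth + 1)
    return hits

# Constructed sample: a harmless PHP line gzip-compressed twice, as in the post.
SAMPLE_PHP = b"<?php echo 'constructed sample'; ?>\n" * 20
SAMPLE_UPLOAD = gzip.compress(gzip.compress(SAMPLE_PHP, mtime=0), mtime=0)

if __name__ == "__main__":
    print(find_php(SAMPLE_PHP))      # caught by a plain content match
    print(find_php(SAMPLE_UPLOAD))   # caught only after unwrapping both layers
    print(find_php(gzip.compress(b"plain text notes")))
```

A filter that matches only the outer bytes of `SAMPLE_UPLOAD` sees nothing; the hit appears once both layers are removed.
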
rizvanrp
post Nov 14 2010, 09:01 PM


QUOTE(tuckker @ Nov 14 2010, 06:29 PM)
Question on Unifi:

1. Unifi's phone is a VOIP phone. What is the phone number for it? Same as 03-xxxx xxxx?

2. Can we plug this VOIP line that comes with Unifi into an IP PBX, so internal users in the company can call from this VOIP line?
*
1. Yeah

2. Depends on what BTU you're using and your other equipment really. I believe there are some security checks using DHCP parameters in place to prevent non-BTU clients from patching into the VOIP network. I haven't done much research on this because my own Fiberhome is pretty restrictive and I lack VOIP equipment to test it with.
rizvanrp
post Nov 21 2010, 02:15 AM


QUOTE(nkarul85 @ Nov 20 2010, 10:13 PM)
guyz, this rumor is true???
*
No, nothing is finalized.
rizvanrp
post Nov 21 2010, 02:22 AM


QUOTE(nkarul85 @ Nov 21 2010, 02:20 AM)
rizvan

I can't log in to my acc.
When I enter the password, I get this message: There is already an active session

Almost 2 weeks I can't log in.
Any idea what I should do??

I need to check something.
*
What account are you talking about and where are you logging in?
