Remember those SMC combination cable modem and Wi-Fi routers used by Time Warner Cable that a blogger highlighted could be easily hackable? Well, they're still hackable. According to Wired News, despite Time Warner Cable's assurances that a resolution had already been deployed, the devices still appear to be at least partially vulnerable. A quick nmap port scan of a random Time Warner subnet by blogger David Chen found hundreds of marginally-secured devices that were still vulnerable. SMC says they have created a patch, but Chen insists the patch doesn't fix the problem entirely. Best bet? Ditch the hybrid SMC device, get a regular modem from Time Warner Cable, and go buy a real router.

A vulnerability in a Time Warner combination Wi-Fi router and cable modem could allow a hacker to remotely access the device's administrative menu over the internet, according to blogger David Chen. Time Warner Cable has confirmed the flaw, which impacts some 65,000 Time Warner Cable broadband users. According to Chen, he discovered the vulnerability when trying to change the unit's default encryption from WEP to WPA2, only to find the unit's administration functions were disabled via javascript. Chen simply disabled browser Javascript: story continues..

Comcast reached out to us today to note that they're employing a new strategy to help deal with customers they've identified as having trojan-infected PCs. According to Comcast, the company is going to start issuing alerts on subscriber PCs (see screenshot below) should the user be showing the telltale signs of botnet or spam relay infection. The alert can either be ignored by the customer, or they can click on a link that will take them to the Comcast security center, which offers cleanup guidance.

Comcast isn't alone in trying to automate the trojan identification and cleaning process.

Declan McCullagh has for years had a nasty habit of actually reading the laws Congress passes into law, which is frequently more than can be said of Congress itself. Last week, McCullagh wrote a piece for CNET exploring a new bill aimed at shoring up the nation's cybersecurity defenses. According to McCullagh, the bill would allow Uncle Sam to "seize temporary control of private-sector networks during a so-called cybersecurity emergency." McCullagh, who has a Libertarian bent, wound up terrifying the entire Internets.

While that sounds scary, there's just one problem.

It seems like only yesterday that the WEP wireless security standard became roughly the security equivalent of tissue paper. Now a team of Japanese researchers say they've found a way to break the WPA encryption system in about one minute. Highlighted at a Japanese conference this week, the attack expands on on a similar WPA attack disclosed last November, but does not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm. Given Wi-Fi-certified products have had to support WPA 2 since March of 2006, and the attack only works on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm -- protecting yourself shouldn't be rocket science, though you might want to pop by mom and dad's house.

Update: Glenn Fleishman has a excellent piece here that goes into the technical specifics of the attack in great detail.