Drive By Hits Home
February 2007
Drive_by Web attack could hit home routers
If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious java_script code. For the attack to work, the attackers would need a couple of things to go their way. First, the victim would have to visit a malicious Website that served up thejava_script. Second, the victim's router would have to still use the default password that it's pre_configured with it out of the box. In tests, the researchers were able to do things like change firmware and redirect a D_Link Systems DI_524 wireless router to look up Websites from a Domain Name System server of their choosing. They describe these attacks in a paper, authored by Sid Stamm and Markus Jakobsson of Indiana University, and Symantec's Zulfikar Ramzan. "By visiting a malicious Webpage, a person can inadvertently open up his router for attack," the researchers write. "A Website can attack home routers from the inside and mount sophisticated...attacks that may result in denial_of_service, malware infection, or identity theft."
Source: http://www.infoworld.com/article/07/02/15/HNdrivebywebattack _1.html
Drive_by Web attack could hit home routers
If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious java_script code. For the attack to work, the attackers would need a couple of things to go their way. First, the victim would have to visit a malicious Website that served up thejava_script. Second, the victim's router would have to still use the default password that it's pre_configured with it out of the box. In tests, the researchers were able to do things like change firmware and redirect a D_Link Systems DI_524 wireless router to look up Websites from a Domain Name System server of their choosing. They describe these attacks in a paper, authored by Sid Stamm and Markus Jakobsson of Indiana University, and Symantec's Zulfikar Ramzan. "By visiting a malicious Webpage, a person can inadvertently open up his router for attack," the researchers write. "A Website can attack home routers from the inside and mount sophisticated...attacks that may result in denial_of_service, malware infection, or identity theft."
Source: http://www.infoworld.com/article/07/02/15/HNdrivebywebattack _1.html
posted by arkietechs at 7:12 AM
0 Comments:
Post a Comment
<< Home