Your Ad Here Your Ad Here
Results 1 to 6 of 6

Thread: New 'Pharming' Attack Targets Your Router

  1. #1
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Feb. 15, 2007 -- I get tons of press releases about this-or-that brand new security threat. Most of them aren't nearly as scary as they're hyped to be, and the solution is almost invariably "buy our product!"

    But today I heard about a new threat discovered by Symantec and Indiana University that could be a real doozy. It's especially pernicious in that normal security software doesn't detect it. But you don't have to buy anything to protect yourself. That's doubly unusual.


    The attack is based on pharming, which, like phishing, is a way bad guys trick you into visiting fake web sites. Where phishing fools you-the-user, pharming fools your computer. It does this by compromising your system's access to the DNS (Domain Name Server) system. When you type www.mybank.com, DNS translates that into the correct IP address.

    Source: http://abcnews.go.com/Technology/ZDM/story?id=2878235

  2. News (Archive)   -   #2
    Poster BT Rep: +11BT Rep +11BT Rep +11
    Join Date
    Nov 2006
    Posts
    582
    Whoa, a malicious javascript that runs through your browser and is able to reset the password on a router even if remote administration on the router is turned off. Granted the router is only vulnerable if the password hadn't been changed by the user, but this just highlights the need for networking hardware manufacturers, especially those who make home routers, to ship their products preconfigured to run securely. The user should be encouraged to change their password. Ideally one would hope that users had this knowledge before getting connected to the net in the first place, but that just is not case nowadays. The massive amount of spambots and zombie machines shows that something has to be done to get new users up to speed and companies who make home routers (that's you linksys) can make a difference here.

    Thanks for the story peat moss. I wouldn't even think an exploit like this was possible but it just goes to show that securing a computer is an ongoing process.

  3. News (Archive)   -   #3
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    11,028
    Quote Originally Posted by grchl3 View Post
    Whoa, a malicious javascript that runs through your browser and is able to reset the password on a router even if remote administration on the router is turned off. Granted the router is only vulnerable if the password hadn't been changed by the user, but this just highlights the need for networking hardware manufacturers, especially those who make home routers, to ship their products preconfigured to run securely. The user should be encouraged to change their password. Ideally one would hope that users had this knowledge before getting connected to the net in the first place, but that just is not case nowadays. The massive amount of spambots and zombie machines shows that something has to be done to get new users up to speed and companies who make home routers (that's you linksys) can make a difference here.

    Thanks for the story peat moss. I wouldn't even think an exploit like this was possible but it just goes to show that securing a computer is an ongoing process.
    I didn't think it was possible, either. I completely agree on the part of users not knowing about their router security, too. I didn't know about it, until I found a thread here bout it sometime ago.
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  4. News (Archive)   -   #4
    Poster BT Rep: +11BT Rep +11BT Rep +11
    Join Date
    Nov 2006
    Posts
    582
    That's just what I was thinking too Hairbautt. Luckily we get this info because we keep up with computer news by visiting sites like FST and others that post these headlines (Nice job with the Firefox cookies flaw story btw ). The really distressing part of this is that the majority of users don't even realize that these issues exist because news like this doesn't really hit the mainstream headlines. I remember when the wireless drivers exploit was announced no one outside of computer enthusiasts knew there was an issue.

    The other part of it is that securing a computer/home network has become more and more onerous. MS did one thing right with XP SP2 and the integrated firewall. But outside of windows updates, a user now has to make sure that so many other applications are updated including office apps, graphics programs, im clients, browser plugins and multimedia apps just to name a few. Its all just become too unwieldy. For example, if a user clicks on the wrong link thats been specifically crafted to take advantage of an exploit in an im client, all the other updates can be made moot. I just wish keeping track of all the exploits and updates was a bit more centralized and streamlined. I guess the solution would be to make the switch to linux. It definitely couldn't hurt.
    Last edited by grchl3; 02-23-2007 at 06:45 PM.

  5. News (Archive)   -   #5
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    11,028
    Quote Originally Posted by grchl3 View Post
    I guess the solution would be to make the switch to linux. It definitely couldn't hurt.
    Oh, thank god I thought you were going to say MAC , but seriously take that whole argument you just posted and write a book about it, because I think it's so true.
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  6. News (Archive)   -   #6
    Poster BT Rep: +11BT Rep +11BT Rep +11
    Join Date
    Nov 2006
    Posts
    582
    Quote Originally Posted by Hairbautt View Post
    Oh, thank god I thought you were going to say MAC ,
    I wouldn't dare! I get enough of that from my mac loving friends

    Quote Originally Posted by Hairbautt View Post
    but seriously take that whole argument you just posted and write a book about it, because I think it's so true.
    Looking back over what I just posted, I think I just did write a book . MS just gets me so riled up sometimes...and then I go right back and use the same os I spent half an hour complaining about.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •