funsec mailing list archives
Don't click that link - it may re-program your router?
From: "Gary Funck" <gary () intrepid com>
Date: Mon, 19 Feb 2007 14:34:22 -0800
What does clicking on a "suspicious link" have to do with being pharmed (or is that getting pharmed)? And if someone has re-programmed my router, how will disabling Javascript save me? And I must ask ... is this a real present threat, or a security software vendor FUD campaign? http://news.yahoo.com/s/nf/20070219/tc_nf/50150 Millions Vulnerable to New Hack Attack Elizabeth Millard, newsfactor.com Mon Feb 19, 1:25 PM ET Security firm Symantec and the Indiana University School of Informatics have discovered a new type of security threat that could leave up to 50 percent of home broadband users susceptible to attack. Called "drive-by pharming," the threat is focused on home routers, which can be reconfigured and directed to a malicious Web site if default settings and passwords are being used. [...] Symantec recommends that users should change their default passwords and= employ a multilayered security strategy consisting of an Internet security program that combines antivirus, firewall, intrusion detection, and vulnerability protection. Also important, the research team noted, is avoiding clicking on links that seem suspicious. But the main issue, according to Sophos senior technology consultant Graham Cluley, is that many users either do not change settings or use the password supplied by the manufacturer. Many devices are given obvious passwords for shipping and setup, such as "administrator" or "password," which Cluley noted are very easy for hackers to guess. [...] "More prominent warnings that passwords have not been changed from their default might help encourage users to take this relatively simple step," he said. An additional line of defense is to disable JavaScript on untrusted Web sites, he added. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Don't click that link - it may re-program your router? Gary Funck (Feb 19)
- Re: Don't click that link - it may re-program your router? Jordan Wiens (Feb 19)
- Re: Don't click that link - it may re-program your router? Jeff Kell (Feb 19)
- RE: Don't click that link - it may re-program your router? Blanchard_Michael (Feb 20)
- RE: Don't click that link - it may re-program your router? Michal Zalewski (Feb 20)
- RE: Don't click that link - it may re-program your router? Blanchard_Michael (Feb 20)
- Re: Don't click that link - it may re-program your router? David Lodge (Feb 25)
- Re: Don't click that link - it may re-program your router? Michal Zalewski (Feb 25)
- RE: Don't click that link - it may re-program your router? Michal Zalewski (Feb 20)