Home routers under attack - archive
FYI...
- http://preview.tinyurl.com/2ubp3y
February 15, 2007 ~ "If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code... Once the router has been compromised, victims can be redirected to fraudulent Web sites, the researchers say. So instead of downloading legitimate Microsoft software updates, for example, they could be tricked into downloading malware. Instead of online banking, they could be giving up sensitive information to phishers..."
:fear:
Top 10 Passwords to Avoid
FYI...
- http://www.darkreading.com/document....988&print=true
FEBRUARY 22, 2007 ~ "...Researchers at the University of Maryland recently completed a study in which four live Linux servers were set out as bait to see how often they would be attacked. The study racked up 269,262 attempts in a 24-day period... During that time, 824 attempts were successful -- the attacker got the server's username and password. On average, that means that each of the servers was "cracked" almost 10 times a day...
Most commonly-guessed passwords in cyberspace, in order of frequency (to be avoided):
* 1. (username)
* 2. (username)123
* 3. 123456
* 4. password
* 5. 1234
* 6. 12345
* 7. passwd
* 8. 123
* 9. test
* 10. 1
...The username "root" -- which traditionally has given administrators access to multiple systems at the root level -- is by far the most frequently-guessed, with "admin" finishing a distant second..."
:fear:
Drive-by Pharming in the Wild
FYI...
- http://preview.tinyurl.com/yqutaj
January 22, 2008 (Symantec Security Response Weblog) - "In a previous blog entry* posted almost a year ago, I talked about the concept of a drive-by pharming attack. With this sort of attack, all a victim would have to do to be susceptible is simply view the attacker’s malicious HTML or JavaScript code, which could be placed on a Web page or embedded in an email. The attacker’s malicious code could change the DNS server settings on the victim’s home broadband router (whether or not it’s a wireless router). From then on, all future DNS requests would be resolved by the attacker’s DNS server, which meant that the attacker effectively could control the victim’s Internet connection. At the time we described the attack concept, it was theoretical in the sense that we had not seen an example of it “in the wild.” That’s no longer the case... In one real-life variant that we observed, the attackers embedded the malicious code inside an -email- that claimed it had an e-card waiting for you at the Web site gusanito . com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site. Now, anyone who subsequently tried to go to this particular banking Web site (one of the largest banks in Mexico) using the same computer would be directed to the attacker’s site instead. Anyone who transacted with this rogue site would have their credentials stolen... I would still recommend changing the default router password to something that’s more difficult to guess. For many other router models, doing so will protect you... Also, in general I’d recommend that you reset the router anyway before changing your password. This step ensures that if you have become a victim already, you can start with a clean slate..."
* http://preview.tinyurl.com/2uqwug
> http://blog.trendmicro.com/targeted-...ng-via-modems/
- http://isc.sans.org/diary.html?storyid=3881
Last Updated: 2008-01-24 02:11:21 UTC
:fear::fear:
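Added example (not part of the original posts or the quoted Symantec article): a mail or web filter can look for the pattern described above, an HTML tag that makes the reader's client send a request to a private-network address when the message is rendered. The function names, the dotless-hostname heuristic and the sample mail body are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that make a client send a request while rendering.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("embed", "src"), ("body", "background")}


def is_internal_host(host):
    """True for private, loopback or link-local IP literals and single-label names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Heuristic (assumption): a dotless name resolves on the local network.
        return bool(host) and "." not in host
    return ip.is_private or ip.is_loopback or ip.is_link_local


class InternalFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, has_query_string)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            try:
                parts = urlsplit(value.strip())
                host = parts.hostname
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if parts.scheme in ("http", "https") and is_internal_host(host):
                # A query string hints at a settings-changing GET, not an image.
                self.findings.append((tag, value.strip(), bool(parts.query)))


def find_internal_fetches(html):
    """Return every auto-fetched URL in `html` that targets an internal host."""
    finder = InternalFetchFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample mail body: host, path and parameter are placeholders.
SAMPLE_MAIL = """<p>You have an e-card waiting!</p>
<img src="https://cards.example.com/banner.png">
<img src="http://192.168.1.1/placeholder-path?placeholder_setting=value" width="1">"""
```

Calling `find_internal_fetches(SAMPLE_MAIL)` returns only the second image; ordinary links (`<a href>`) are ignored because they do not fire without a click.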