
CNET News' Joris Evers reports that Symantec this week announced the results of security research, conducted with the Indiana University School of Informatics, which found that it's possible to change the DNS setting of a router by tricking the owner into viewing a fake Web page with JavaScript code. The company calls it 'Drive-By Pharming.'
"I have been able to get this to work on Linksys, D-Link and netgear routers," says Symantec researcher Zulfikar Ramzan. "You can create one Web site that is able to attack all routers. My feeling is that it is just a matter of time before phishers start using this."
According to Ramzan, the attack works on any brand of router, but only if the default password hasn't been changed -- the JavaScript code uses the default password to gain access. While most router manufacturers recommend changing the default password, it's still easy to set up a router without doing so.
Symantec's page explaining the attack is here.
More here from InformationWeek ... and more here from InfoWorld.
Mr Wong
Vote for Drive-By Pharming: Symantec Says to Change Your Passwords:
|
Rating: 6.75 out of 4 vote(s) cast.
|
- mobile broadband
| RSS | See all blog subscribe options |
|
What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |








