NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0493 Web-based Attack Can Take Over Routers:
Researcher Dan Kaminsky will demonstrate at the RSA Conference in San Francisco how design
flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be
abused to take control of a router, according to an online IT journal. The technique, called
a DNS rebinding attack, would work on virtually any device, including printers, that uses a
default password and a web-based administration interface, said Kaminsky. The victim would
visit a malicious web page that would use JavaScript code to trick the browser into making
changes on the web-based router configuration page. The JavaScript could tell the router to
let the bad guys remotely administer the device, or it could force the router to download new
firmware, again putting the router under the hacker's control. Either way, the attacker would
be able to control his victim's internet communications.
DNS service provider OpenDNS will reportedly offer users of its free service a way to prevent
this type of attack, and the company will also set up a web site that will use Kaminsky's
techniques to give users a way to change the passwords of vulnerable routers, according to
OpenDNS CEO David Ulevitch.
The attack "underscores the need for people to be able to have more intelligence on the DNS,"
Ulevitch said. "The vast majority of home users have a device with a default password," he said.
(www.computerworld.com.au 08APR08)
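
A DNS rebinding attack depends on an outside hostname being answered with an address on the victim's own network, so one defence is for the local resolver to drop such answers. The sketch below is an added example, not code from the article and not OpenDNS's implementation (the article does not describe it); the hostnames, addresses and the LOCAL_SUFFIXES allow-list are constructed assumptions.

```python
import ipaddress

# Assumption: zones that are expected to resolve to internal addresses.
LOCAL_SUFFIXES = (".lan", ".home.arpa", ".internal")


def is_internal(addr: str) -> bool:
    """True if addr is not a globally routable unicast address."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot bypass the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def check_answers(answers):
    """answers: iterable of (qname, address) in arrival order.

    Returns (qname, address, reason) for every answer a resolver should drop:
    'rebind' when a name first seen with a public address later points inside,
    'internal-answer' when an outside name points inside on first sight.
    """
    seen_public = set()
    flagged = []
    for qname, addr in answers:
        name = qname.rstrip(".").lower()
        if name == "localhost" or name.endswith(LOCAL_SUFFIXES):
            continue  # local names may legitimately map to local addresses
        if is_internal(addr):
            reason = "rebind" if name in seen_public else "internal-answer"
            flagged.append((name, addr, reason))
        else:
            seen_public.add(name)
    return flagged


# Constructed sample of resolver answers (not captured traffic).
SAMPLE = [
    ("www.example.com.", "93.184.216.34"),
    ("router.lan.", "192.168.1.1"),
    ("a1.rebind.example.", "93.184.216.34"),
    ("a1.rebind.example.", "192.168.1.1"),
    ("b2.rebind.example.", "::ffff:10.0.0.1"),
    ("c3.rebind.example.", "127.0.0.1"),
]

if __name__ == "__main__":
    for name, addr, reason in check_answers(SAMPLE):
        print(f"DROP {name} -> {addr} ({reason})")
```

Filtering at the resolver does not replace changing the device's default password, which the article identifies as the underlying weakness.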