[hblug] Computer Routers Face Hijack Risk Says Study

Rene Bartosh kirjava at gmail.com
Sun Feb 18 08:56:55 NZDT 2007


I have seen a whitepaper on the effectiveness of this technique in
densely populated areas. Basically you automate the process of
reflashing routers with default passwords etc. to a firmware which
contains poisoned DNS records or packet sniffing/capture for the
purpose of obtaining information for various types of identity fraud.

Personally I did a little wardriving when I was in Tauranga a few
weeks ago and out of the 300 wireless access points I pulled up, 200
had some form of encryption enabled (although if this was WEP, cracking
it is apparently trivial).

So things have moved a long way in terms of routers being sold with no
instructions to change passwords or encryption settings, but as always
with enough effort someone could gain massive results with an attack
of this kind.

</braindump>

Rene

On 17/02/07, Perry Spiller <p.spiller at xtra.co.nz> wrote:
>
>
>  Move over IE & FF . . . .
>
>  Computer Routers Face Hijack Risk Says Study
>  Friday, February 16, 2007 | CBC News
>
>  Researchers at the University of Indiana and Symantec Corp.
>  are warning that about half of Internet users with a home router
>  are vulnerable to having the hardware hijacked.
>
>  What sets the attack apart from others of its kind is that it does
>  not rely on vulnerabilities in a web browser or other software,
>  but instead lets malicious individuals attack at the network level.
>
>  More . . .
> http://www.cbc.ca/technology/story/2007/02/16/tech-routervulnerabilty-20070216.html


-- 
From Rene Bartosh (Gmail account) <kirjava at gmail.com>
Personal: http://kirjava.net.nz/
Work: http://eksion.net/



