All Your Router Are Belong to Us
Category: Bugs / VirusPosted: April 8, 2008 07:38AM
Author: Nemo
A researcher plans to demonstrate at the RSA security conference today how java script from a Web page could hijack your router. While it has been known fro some time this type of attack was theoretically possible, the researcher, Dan Kaminksy, will show how it would actually work on certain widely used routers from makers such as D-Link and Linksys. The problem is not a bug in the routers themselves, but rather stems from the fact that many, if not most, home users don't reset the default password on their router. The attack, known as a DNS rebinding attack, works when a user visits a malicious Web page that would then download code written in java script that would then make changes through the router's web-based setup pages. Sounds like a good time to make sure you have replaced your router's default login credentials with something a little stronger and harder to guess.
