Drive-By Pharming is a Phisherman’s Delight March 9, 2007
Posted by eastvalleygeeks in Uncategorized.comments closed
Research by Symantec and Indiana University (Bloomington) has discovered a new attack technique that could badly compromise home networks. They call it “drive-by pharming.”
In the attack, the user surfs a malicious Web page which, through a combination of Java and Javascript, determines the address and model of the network router. This turns out not to be that hard to do. Then, using a database of default usernames and passwords, it reprograms the router, which is typically done through a simple HTML form submission, to change the DNS server addresses for the network to one controlled by the attacker.
With the network now doing DNS resolution using a malicious server, high-quality and convincing phishing attacks become possible. When the browser points to “www.paypal.com” the attacker can use their own server and it will look completely legitimate, including the use of https.
Note that this attack is extremely easy to block: Just change the default administration password for your router. Sadly, many users don’t do this, but with drive-by pharming the arguments for changing the defaults become much more compelling. finish story here
The Killing of Wi-Fi March 5, 2007
Posted by eastvalleygeeks in Uncategorized.comments closed
There is mounting evidence that the cellular service companies are going to do whatever they can to kill Wi-Fi. After all, it is a huge long-term threat to them. We’ve seen that the route to success in America today is via public gullibility and general ignorance. And these cell-phone–service companies are no dummies.
The always-entertaining Pew Internet & American Life Project ran a survey, and the results show that 34 percent of Internet users have gone online with a Wi-Fi connection or one of those newly popular and overpriced cell-phone services. Two years ago, this number was 22 percent. Another factoid from the survey: 19 percent of all users have Wi-Fi in the home. This number was a mere 10 percent just one year ago. The last tidbit from the survey worth noting is that only 56 percent of the people who have PDAs that hook to the Internet have actually gone on the Net via their PDA. The same goes for the people who have cell phones with Internet capability; not much more than half have actually used it. full story here
