Shamus_McFartfinger Posted February 21, 2007 Posted February 21, 2007 http://www.pcworld.com/article/id,129205-c...rs/article.html Cisco Says 77 Routers Open to 'Drive-By Pharming' Cisco is warning users that nearly 80 of its routers are vulnerable to a hack tactic. Gregg Keizer, Computerworld Tuesday, February 20, 2007 04:00 PM PST Cisco Systems Inc. is warning users that nearly 80 of its routers are vulnerable to a hack tactic that got play last week. Dubbed "drive-by pharming" by Symantec Corp. and university researchers who first publicized the danger in a paper, the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers. In an advisory posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature. The paper, co-written by a Symantec researcher and two other researchers from Indiana University, urged a similar move by router owners. "Owners of home routers who set a moderately secure password -- one that is non-default and non-trivial to guess -- are immune to router manipulation via JavaScript," the report read. The researchers also argued that router makers should stop using blank or easy-to-guess passwords, such as "admin," and switch to the device's serial number. "This value, which is unique to each individual router, would comprise a very secure and unpredictable password," the report stated.
Shamus_McFartfinger Posted February 21, 2007 Author Posted February 21, 2007 http://www.enterpriseitplanet.com/security...cle.php/3660921 Symantec: Change Default Passwords, Thwart Drive-by Pharming By Ed Sutherland February 20, 2007 Security vendor Symantec is warning broadband users of a potentially new threat able to reroute Internet traffic to fake Web sites. The hack could rewrite the internal address book of many home users' routers, which, for example, are used for setting up wireless networks. "This attack has serious implications and affects many millions of users worldwide," claimed Zulfikar Ramzan, a Symantec researcher and one of the authors of proof-of-concept code about the vulnerability. The threat, dubbed "Drive-by Pharming," relies on consumers to not change the default password once they set up their router with their broadband connection. Symantec said the practice could leave up to 50 percent of some 80 million broadband homes in the U.S. vulnerable. Ramzan, a senior researcher with Symantec's Security Response group, told internetnews.com the vulnerability would take only one line of JavaScript code and works on every router. "The very infrastructure of the Internet is under threat." The warning comes about two months after Ramzan, along with Indiana University researchers began researching details of the proof-of-concept. Although pharming is old hat, this new version attacks the DNS server settings of all consumer routers, including D-Link, Cisco's Linksys and Netgear. Hackers create a web page including malicious JavaScript code able to log into your router using the device's default password. Unlike previous pharming attempts, no links need be clicked or software downloaded. Victims need only visit a specially-designed Web site. Once inside, hackers could effectively change the router's DNS settings, redirecting your bank's address to an identical site maintained by attackers. "However, you'll never realize that you were at a fake bank since you trusted the address," Ramzan wrote in a blog posting explaining a potential attack. Consumers might think they are at their banking site, but they are actually at www.stealmyidentity.com, Gartner security analyst John Pescatore told internetnews.com. Pescatore said consumer router manufacturers favor ease of use over security. Router makers offer consumers instructions on how to change the default passwords. Linksys, for example, warns consumers to change their passwords. D-Link said it was aware of the threat. "We have redoubled our efforts to educate our customers on the importance of security in general, as well as the importance of changing the wireless router's default SSID and password, and enabling strong encryption," D-Link spokesman George Cravens told internetnews.com. Netgear was not immediately available for comments on the router threat. The lesson for router vendors: "Make security a standard part of the setup wizard, not a step at the end that says 'you should turn security on, and change defaults later, if you dare,'" advised Pescatore. Story courtesy of InternetNews.
Recommended Posts