[clug] Drive-By Pharming Attack Could Hit Home Networks

Kim Holburn kim.holburn at gmail.com
Sat Feb 17 14:33:19 GMT 2007

On 2007/Feb/17, at 1:12 PM, David Symons wrote:

> On 2/17/07, Kim Holburn <kim at holburn.net> wrote:
>> http://www.cbronline.com/article_news.asp?guid=B2D823D1-
>> D77D-471F-96B2-0DED432A0CA2
>> > Drive-By Pharming Attack Could Hit Home Networks
>> > 15th February 2007
>> > By Kevin Murphy
>> >
>> > ...
>> > The attack works because most of the popular home routers ship with
>> > default passwords, default internal IP address ranges, and web-
>> > based configuration interfaces.
>> > ...
> Out of the box, my router only allowed administration via the wired
> interface.  Hopefully that's a fairly universal thing, making it a
> limiting factor on the effectiveness of this sort of attack.

Well many wifi routers I've messed with allow administration in the  
clear on the wireless interface in their default config.  It wouldn't  
be hard for manufacturers to change the default.  If that were the  
major security risk around I'm sure pressure could be brought to  
bear.  The trouble is that they are a minor security risk compared to  
Windows desktops and users.

Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3342707610
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the linux mailing list