[clug] Drive-By Pharming Attack Could Hit Home Networks
David Symons
david.symons at liberatedcomputing.net
Sat Feb 17 20:46:34 GMT 2007
On Sun, 2007-02-18 at 00:13 +1100, Michael Cohen wrote:
> On Sat, Feb 17, 2007 at 11:12:37PM +1100, David Symons wrote:
> > Out of the box, my router only allowed administration via the wired
> > interface. Hopefully that's a fairly universal thing, making it a
> > limiting factor on the effectiveness of this sort of attack.
>
> David,
> Thats not the point of the attack - its not that people can administer your
> router through the wireless interface. The attack works by getting your
> machine to request URLs from your router which submit form parameters to the
> CGI administrative interface. So if your machine can admin the router, so can
> the script kiddies... even on wire interfaces.
Ah, thankyou Michael.
So "Drive-By" is meant in a virtual sense and it this really applies to
any router administered this way, wireless or not (if I really do
understand it now).
Cheers, Dave.
--
David Symons
Canberra, Australia
http://www.liberatedcomputing.net
More information about the linux
mailing list