[clug] Drive-By Pharming Attack Could Hit Home Networks
davec at internode.on.net
Thu Feb 22 12:43:13 GMT 2007
On Thu, Feb 22, 2007 at 02:32:49PM +1100, Alex Satrapa wrote:
> Alternately, the mass-produced anonymous device could ship with
> wireless deactivated by default, with the initial administrative
> connection being made by cable connected to the device. Turning on
> the wireless would then require a password to be entered (or
> modified). This preserves the economy of mass-produced anonymous
> devices, while providing some means of preventing "default password"
> attacks on such devices as installed at users' premises.
I think many routers already do this (no admin on wireless interface
and/or wireless disabled out of the box). It doesn't stop *this* attack
though, thats the whole reason this one is more interesting, it works
from *your* computer over your *wired* connection.
More information about the linux