[clug] Drive-By Pharming Attack Could Hit Home Networks

David Collett davec at internode.on.net
Thu Feb 22 12:43:13 GMT 2007


On Thu, Feb 22, 2007 at 02:32:49PM +1100, Alex Satrapa wrote:
> Alternately, the mass-produced anonymous device could ship with  
> wireless deactivated by default, with the initial administrative  
> connection being made by cable connected to the device. Turning on  
> the wireless would then require a password to be entered (or  
> modified). This preserves the economy of mass-produced anonymous  
> devices, while providing some means of preventing "default password"  
> attacks on such devices as installed at users' premises.

I think many routers already do this (no admin on wireless interface
and/or wireless disabled out of the box). It doesn't stop *this* attack
though, thats the whole reason this one is more interesting, it works
from *your* computer over your *wired* connection.

Dave


More information about the linux mailing list