[clug] Drive-By Pharming Attack Could Hit Home Networks

Kim Holburn kim.holburn at gmail.com
Thu Feb 22 17:19:24 GMT 2007


On 2007/Feb/22, at 11:46 AM, Sam Couter wrote:

> Kim Holburn <kim.holburn at gmail.com> wrote:
>> I like the idea of a password based on mac address or serial number.
>> It has some inherent security compared with a default password.
> The MAC address is broadcast with every packet. No good basing secrets
> on that.

If wireless is not active until the password is changed then it is
not an issue. The MAC address is only broadcast on the local subnet.

>> Surely it could be done as a script?  The system wakes up after a
>> reset to default and says to itself - "No password - create a new one
>> from the serial number with this script. There, that's better.  Now
>> I'll allow wireless to be activated."  Then all copies of the OS
>> could be the same.
> Where does it get the serial number from if all the images are  
> identical?

Like I said: a start-up script that looked at the admin password on
start-up and, if it was the default, changed it to the MAC address.


--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3342707610
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961
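
The start-up check described in this message, sketched as a POSIX shell script. This is an added example, not code from the thread: the key=value config file, its key names, the default password and the MAC value are assumptions, and it assumes wireless stays off until the owner replaces the MAC-derived password.

```shell
#!/bin/sh
# Added example. The key=value config file and its key names are hypothetical.
# A real device would store a salted hash; plaintext keeps the sketch short.
DEFAULT_PW="admin"   # constructed factory default

get_key() {   # get_key FILE KEY -> prints the value of KEY
  sed -n "s/^$2=//p" "$1" | head -n 1
}

set_key() {   # set_key FILE KEY VALUE -> replace or append KEY (temp file + rename)
  tmp="$1.tmp.$$"
  grep -v "^$2=" "$1" > "$tmp" || true
  printf '%s=%s\n' "$2" "$3" >> "$tmp"
  mv "$tmp" "$1"
}

# Run once per boot. Only acts when the admin password is still the default.
first_boot_fixup() {   # first_boot_fixup CONF MAC_FILE
  [ "$(get_key "$1" admin_password)" = "$DEFAULT_PW" ] || return 0
  mac=$(tr -d ':\n' < "$2" | tr 'A-F' 'a-f')
  [ -n "$mac" ] || return 1            # no MAC readable: leave config alone
  set_key "$1" admin_password "$mac"
  set_key "$1" password_is_derived 1   # MAC is visible on the local subnet
  set_key "$1" wireless_enabled 0      # radio stays off until owner acts
}

# Wireless may be enabled only after the owner picked their own password.
wireless_allowed() {   # wireless_allowed CONF
  [ "$(get_key "$1" admin_password)" != "$DEFAULT_PW" ] &&
    [ "$(get_key "$1" password_is_derived)" != 1 ]
}

demo() {   # constructed sample data in a temp dir
  dir=$(mktemp -d)
  printf 'admin_password=admin\nwireless_enabled=1\n' > "$dir/router.conf"
  printf '00:11:22:AA:BB:CC\n' > "$dir/address"
  first_boot_fixup "$dir/router.conf" "$dir/address"
  cat "$dir/router.conf"
  wireless_allowed "$dir/router.conf" && echo "wireless: allowed" \
    || echo "wireless: blocked until password is changed"
  rm -rf "$dir"
}
demo
```

On a Linux-based device the MAC file argument would typically be `/sys/class/net/<interface>/address`.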
