PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Thursday, February 15, 2007 10:28 AM PT Posted by Erik Larkin

New Attack Type Targets Your Home Network

With trivial ease, a new type of attack can take over poorly set up home networks.

If you haven't changed the default password on your broadband router (wired or wireless), a few lines of JavaScript on any Web site can invisibly direct your browser to change your router's settings and send you to phishing sites.

The proof-of-concept code developed by Symantec and Indiana University in their joint research changed settings for DNS, which guides nearly all Internet traffic. In a real attack (of which there aren't yet any known, thankfully), the hijacked router could send anyone on that home network to the attacker's phishing site instead of, say, bankofamerica.com. You'd end up at the phishing site even if you followed best practices like using your own bookmark or typing the address in, and the browser's address bar would display the supposedly real URL.

Or, as has happened in previous DNS attacks, the attacker might just redirect any connection to a poisoned Web site that tries to bust your browser and install a bunch of spyware.

Symantec has more details, along with links to instructions for changing the password on popular routers, in a new blog posting. Indiana University also has a report up.

In this case, the fix is even easier than the simple attack: Make sure you've changed your router password from the default. But this is just one application of a type of attack against internal networks that Jeremiah Grossman of WhiteHat Security has been talking about for some time.

Comments

I was always suspecting so-called security labs as a main source of all viruses. I think they are the most interested in keeping business running.

poltrang
February 17, 2007
1:09 AM PT