Drive-by Pharming Threat | FreddieFreeloader

Drive-by Pharming Threat no comments

Posted at 11:05 am in Security

This is just in on Bugtraq.

Drive-by Pharming

In gist:

“An attacker can create a web page containing a simple piece of malicious JavaScript code. When the page is viewed, the code makes a login attempt into the user’s home broadband router and attempts to change its DNS server settings (e.g., to point the user to an attacker-controlled DNS server). Once the user’s machine receives the updated DNS settings from the router (e.g., after the machine is rebooted) future DNS request are made to and resolved by the attacker’s DNS server. “

– Zulfikar Ramzan of Symantec

Fact: a lot of dsl router/modems have default user/passwords. Users rarely, if ever, change them.

Think about the implication. An attacker controlled DNS server can point *insert your favorite webmail/online banking/online shopping site here* to his own mock-up of the site and no one is wiser.

Written by admin on February 16th, 2007

« Top 10 Reasons Why I Don’t Like Desktop Environments

Leave a Reply

Subscribe to my blog!

Pages

# whoami_

Empower Yourself with These!

Archives

Categories

Recent Posts

Add to Technorati Favorites

Recent Comments

Php Exchange Rates

This feed has been disabled due to abuse
<P>The Ansuz Exchange Rate RSS service has been shut down due to extreme long-term abuse and a lack of constructive user participation. Many people were making thousands of queries per day - in some cases more than one query per second - against a service that only updates five times per week. Almost none of the visitors to the service paid any attention to the other content on my site. Attempts to rate-limit users had very little effect, because people would continue hitting the script thousands of times for weeks or months despite getting nothing but 403 Forbidden responses. People posted links to my service on Web BBSes and never mentioned who provided it, nor talked about my other content, nor participated in my site in any other way. Although it was meant as a demonstration of the Rippy library for people to use as inspiration in constructing their own similar services elsewhere, very few people actually did that; instead they used mine to exhaustion. One person hired me as a consultant to help him set up a similar service elsewhere, and then didn't pay me. Today (October 14, 2009) my hosting provider contacted me to say that the load on their systems from abuse of the exchange rate script had grown to the point that it came up during their investigation of server load problems. They didn't ask me to shut it down (and it's not clear it really was a problem; they just noticed it while debugging something else) - instead, they suggested some ways to reduce the load while keeping the script running, by cracking down more harshly on abusive users. But I'm not willing to continue putting in the effort to maintain something that brings me so little benefit; I'm choosing to take it down entirely, at least for the moment.</P> <P>If this service comes back at some point in the future, it'll be set up in such a way that long-term users will be required to register and participate in the other things on my site. There might or might not be a demo available without registration. At such time as I do that I might also be able to provide real-time instead of once-a-day data, because I recently found a source for that. It will depend on whether I think there'll be enough user participation to make it worthwhile.</P> <P>For more information, please see <A HREF="http://ansuz.sooke.bc.ca/">my Web site</A> or <A HREF="mailto:mskala@ansuz.sooke.bc.ca">send me email</A>.</P> <P>- Matthew Skala</P>