Drive-By Pharming – Let me fine tune your DNS entries
ABC News reports on a new attack vector targeted at broadband routers / acces points : Drive-By Pharming. This attack has one of the most devastating potential we’ve seen this year and I would rate it as very high impact. Maybe not as massive as the Universal PDF XSS Vulnerability , but still raises a few big question marks about web applications’ security. C’mon, directly altering my router’s DNS settings ? How scary is that … Here is an ABC News quote on the subject :
Professor Markus Jakobsson of Indiana University has done a lot of research on router vulnerabilities. Jeremiah Grossman of WhiteHat Security gave a talk at the Black Hat conference last year on Javascript malware. Zulfikar Ramzan of Symantec Security Response put the two pieces together… and realized that it’s possible for Javascript on a web site to modify your router’s DNS settings.
The full release by Zulfikar Ramzan of Symantec Security Response.
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Print This Post
Post Info
This entry was posted on Tuesday, February 20th, 2007 . Tagged with:You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: Blind SQL Injection Tool : sqlmap »
Next Post: PHP vs. PHP. Live bugs every day during March »
Read More
Related Reading:- SC Magazine 2010 Awards Winners
- Qualys Unveils 3 New Services – Some Are FREE!
- OWASP Broken Web Applications – Excelent Learning Tool
- GFI WebMonitor 2009 Review
- ModSecurity 2.5 – New Book Soon To Be Released
- NetWitness releases NextGen version 9.0
- Twitter Weekly Updates for 2009-07-19
- Twitter Weekly Updates for 2009-07-12
- Twitter Weekly Updates for 2009-07-05
- Twitter Weekly Updates for 2009-06-28
