Drive-By Pharming - Let me fine tune your DNS entries
ABC News reports on a new attack vector targeted at broadband routers / acces points : Drive-By Pharming. This attack has one of the most devastating potential we’ve seen this year and I would rate it as very high impact. Maybe not as massive as the Universal PDF XSS Vulnerability , but still raises a few big question marks about web applications’ security. C’mon, directly altering my router’s DNS settings ? How scary is that … Here is an ABC News quote on the subject :
Professor Markus Jakobsson of Indiana University has done a lot of research on router vulnerabilities. Jeremiah Grossman of WhiteHat Security gave a talk at the Black Hat conference last year on Javascript malware. Zulfikar Ramzan of Symantec Security Response put the two pieces together… and realized that it’s possible for Javascript on a web site to modify your router’s DNS settings.
The full release by Zulfikar Ramzan of Symantec Security Response.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Post Info
This entry was posted on Tuesday, February 20th, 2007 and is filed under Web Applications, Articles.You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: Blind SQL Injection Tool : sqlmap »
Next Post: PHP vs. PHP. Live bugs every day during March »
Read More
Related Reading:- Gemalto - Security To Be Free
- Free alternative to ArcSight ESM ? Hardly..
- Privacy Dilemma: How to Protect Yourself Online
- Solera Networks Deep-Packet Capture Review
- WordPress Exploit Scanner
- Phishing Exposed, Brands Secured
- Scanners: New Nessus Release; New eEye Web Scanner
- Good News from ArcSight and Imperva
- CCTV Security Camera and Surveillance Equipment
- OpenDNS Offers Free Web Content Filtering
