SO we are screwed what else! Wait till this has a big effect on the end user then people will care But for us how can we defend against it!<br><br><div><span class="gmail_quote">On 2/15/07, <b class="gmail_sendername">Oliver Friedrichs
</b> <<a href="mailto:oliver_friedrichs@symantec.com">oliver_friedrichs@symantec.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<p><span style="font-size: 10pt; font-family: Georgia;"><span><font face="Arial">Everyone,</font></span></span></p>
<p><span style="font-size: 10pt; font-family: Georgia;"><span><font face="Arial">I'm posting this on behalf of Zulfikar
Ramzan who isn't subscribed to this list.</font></span></span></p>
<p><font size="2"><span style="font-size: 10pt; font-family: Georgia;"><font face="Arial">We discovered a
new potential threat that we term "Drive-by Pharming". An attacker can
create a web page containing a simple piece of malicious JavaScript code.
When the page is viewed, the code makes a login attempt into the user's home
broadband router and attempts to change its DNS server settings (e.g., to point
the user to an attacker-controlled DNS server). Once the user's
machine receives the updated DNS settings from the router (e.g., after the
machine is rebooted) future DNS request are made to and resolved by the
attacker's DNS server. </font></span></font></p>
<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Georgia;"></span></font></p>
<p><font size="2"><span style="font-size: 10pt; font-family: Georgia;"><font face="Arial">The main
condition for the attack to be successful is that the attacker can guess the
router password (which can be very easy to do since these home routers come with
a default password that is uniform, well known, and often never changed).
Note that the attack does not require the user to download any malicious
software – simply viewing a web page with the malicious JavaScript code is
enough. </font></span></font></p>
<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Georgia;"></span></font></p>
<p><font size="2"><span style="font-size: 10pt; font-family: Georgia;"><font face="Arial">We've written
proof of concept code that can successfully carry out the steps of the attack on
Linksys, D-Link, and NETGEAR home routers. If users change their home
broadband router passwords to something difficult for an attacker to guess, they
are safe from this threat. </font></span></font></p>
<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Georgia;"></span></font></p>
<p><font size="2"><span style="font-size: 10pt; font-family: Georgia;"><font face="Arial">Additional
details on the attack can be found at: </font><a title="http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html" href="http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
<font color="#800080" face="Arial">http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html</font></a><font face="Arial">. </font></span></font></p>
<div><font face="Arial" size="2"><span>Oliver</span></font></div>
<div><font face="Arial" size="2"><span></span></font> </div></div>
<br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=39">http://www.goldwatches.com/watches.asp?Brand=39</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com</a>