Welcome to Delicate template
Header
Just another WordPress site
Header

Most Home Routers Vulnerable to New Attack

January 15th, 2008 | Posted by Brett Edgar in Security - (0 Comments)

GNUCitizen[gnucitizen.org] has released details of a new attack[gnucitizen.org] on UPnP-enabled home routers that can be perpetrated by a Flash object running on the browser of any user. I haven’t tested this, but it looks like it should work even if executed under a non-privileged account. (You do use non-privileged accounts, right?) It should work because this attack vector doesn’t do anything particularly suspicious, and certainly not something that would require administrator privileges. There are several very bad results from this attack, but a worst-case scenario is described in the details published on GNUCitizen’s website:

The most malicious of all malicious things is to change the primary DNS server. That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it. It is also possible to reset the admin credentials and create the sort of onion routing network all the bad guys want.

That would suck.

What’s interesting here is that this is not a vulnerability in UPnP itself. A pre-existing web session with the home router is a prerequisite for this attack to occur. However, GNUCitizen has several other discussions which show that a simple XSS attack is all that is needed to establish the prerequisite. So this is an attack vector that is opened by another exploit entirely!

, , ,

Adult Web Industry Compromised

January 15th, 2008 | Posted by Brett Edgar in Security - (0 Comments)

The AP has released a story [FOXNews.com] detailing that a New Jersey company which provides accounting software to the adult-entertainment industry has been hacked. The software apparently tracks referrals from one website to another and determines how much each website owner is supposed to be paid based on those referrals. The breach allowed the attackers to obtain the subscriber lists of several adult websites. Those subscribers are now being spammed with targeted adult advertisements from competitor websites. The greatest quote from the article from the owner of several adult websites: “There’s a loss, in my opinion, of user confidence.”

, ,

Ugly pictures

January 11th, 2008 | Posted by Dominic Schulte in Malware | Windows - (0 Comments)

Did anyone notice this story on SecurityFocus? It’s an article discribing a series of attempted malware infections that were first reported by the SANS Internet Storm Center over Christmas. Apparently, three people reported buying digital picture frames made by the same manufacturer from three different Sam’s Club stores. When plugged into a computer, the malware on the picture frames attempted to perform various nasty things.

This type of threat is likely to increase as more and more devices become digitally aware. Your best bet for protecting yourself is to disable the autorun feature in Windows. That way you can scan and examine the devices you attach to your computer before the malware they may be hosting has an opportunity to become a part of your digital life.

, , , ,

My Internets are faster than Your Internets!

January 11th, 2008 | Posted by Brett Edgar in Give me more Internets! - (0 Comments)

Comcast is unveiling a new cable Internet standard today at CES. The new standard is DOCSIS 3.0, and promises to allow download speeds of 150Mbps. That’s faster than the 100Mbps most home-user network interface cards currently support. Comcast believes they will have the technology available to millions of homes in 2009.

In other news, dozens of RIAA and MPAA execs have been found cowering in the fetal position in the corner of their offices…

, , ,

iPodXP, or something like it

January 11th, 2008 | Posted by Dominic Schulte in Virtualization - (0 Comments)

While you can’t actually run Windows XP on your iPod (at least not in any way that this author has heard), you can now use it to carry your preferred Windows environment with you to run securely on top of any computer running Windows XP. MojoPac (http://www.mojopac.com) encapsulates your applications, files, settings, and preferences on a portable storage device in a way that allows you to move from machine to machine without leaving a trace and without worrying about the (in)security of the underlying system.

This type of solution could be great for people who use many different machines or frequently use public computers. Similar solutions include: U3 (http://www.u3.com/), Ceedo (http://www.ceedo.com/), and Thinstall (http://thinstall.com/).

, , , , , , ,