If you own a wireless router....
Feb. 24th, 2007 01:19 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewaynePLEASE CHANGE THE DEFAULT ADMINISTRATOR PASSWORD if you haven't already. There's a new attack going around where, if you go to a corrupt page, it launches a malicious script on your PC that tries to identify your wireless router and change the administrator password. If it succeeds, it then becomes a base layer for phishing attacks by redirecting your attempts to access financial accounts to servers under the attacker's control. In such cases, if the cloned sites are done well (and with the amount of work that this attack requires, they'll probably be done well), you may not know that you're not on your bank's web site.
There are two obvious solutions. First, make sure that your administrator password isn't the default factory setting. Second, don't go to such web sites that these attacks are launched from. Unfortunately it's not easy knowing where such sites might be lurking. I think that part of the reason that I've been virus-free for so long is that I don't go where angels fear to tread and I'm not constantly downloading programs and toolbars. But maybe I'm just lucky.
OK, I mis-read the article. This is a proof-of-concept, i.e., someone created this attack and proved it viable. This does not mean that it exists in the wild. Still, you should change the default password on your wireless router.
There are two obvious solutions. First, make sure that your administrator password isn't the default factory setting. Second, don't go to such web sites that these attacks are launched from. Unfortunately it's not easy knowing where such sites might be lurking. I think that part of the reason that I've been virus-free for so long is that I don't go where angels fear to tread and I'm not constantly downloading programs and toolbars. But maybe I'm just lucky.
OK, I mis-read the article. This is a proof-of-concept, i.e., someone created this attack and proved it viable. This does not mean that it exists in the wild. Still, you should change the default password on your wireless router.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-02-24 04:08 pm (UTC)If you do use public WAPs that you don't know who is running them, NEVER do anything that requires a password, ESPECIALLY banking!
I'm not too concerned, personally, because I use Zone Alarm Pro and am always fully updated (yes, I could get caught by a theoretical zero day exploit) and my wife uses a Mac, which is much stronger security-wise. But NEVER do financial or other important stuff over open WAPs that you don't personally know!
no subject
Date: 2007-02-24 05:47 pm (UTC)