Browser bug, weak password compromises your router

Thu Apr 10, 2008 4:54PM EDT

See Comments (4)

Hackers are finding all kinds of vulnerabilities in web browsers, and using them to break into pretty much any system they want to. PCWorld reports that Dan Kaminsky, Director of Penetration Testing at IOActive, showed how a Web-based router attack could easily be carried at an RSA security conference in San Francisco. According to the article, this type of attack would work on pretty much any router out there, including those sold by Linksys and D-Link.

Most consumers forget to change the default password on their router, which basically makes them vulnerable to a DNS rebinding attack. This type of attack takes the victim to a malicious site that loads JavaScript code to the browser, and changes the settings on the router's Web-based configuration page. The script could also force the router to download firmware, which is another way intruders gain complete control, and access into anything in the network.

Kaminsky says the problem is not with the router itself, but with the browser. Users who don't change their router's passwords are taking their chances, so change make sure your password is not easy to crack to prevent this.

Our Yahoo! Tech experts have written about router security before, so check out these articles if you need some help.

Logging into Your Access Point the First Time
Step By Step: How to Protect Your Wi-Fi Network
How to Reset a Wireless Router
Wi-Fi Security Made Easy

Comments on Browser bug, weak password compromises your router

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by kupriaa1 on Thu Apr 10, 2008 5:22PM EDT Report Abuse

    How is this a problem with the browser? Do you suggest disabling javascript? What kind of an idiotic idea is that? Most websites require javascript-if we didnt enable javascript, activeX, and java most of the website we love for their content wouldnt work any more. This is just silly. And a silly story to begin with. People should always change the password on their router immediately. People who dont are silly. Also they shouldnt visit websites that would have this type of javascript code. Silly silly silly people

  • 2 Posted by snakeyes1231 on Thu Apr 10, 2008 6:14PM EDT Report Abuse

    What they are saying is when you don't change your router default password you are leaving yourself open tot DNS rebinding which will cause you to go to another site which has the malicious code. For example if you regularly go to yourdomain.com (IP address is 123.423.123.5) and your DNS has been rebound instead of going to the correct 123.423.123.5 server which houses the website you will directed to another server (i.e. 32.43.12.123) that will have the site that contain the malicious code. In setting up a router you can set the DNS server that will you, when you do not change the password, someone can set the DNS server that your router will access to one that is not valid which in turn will cause false host name resolution causing the incorrect page to load.

  • 3 Posted by kupriaa1 on Fri Apr 11, 2008 8:05AM EDT Report Abuse

    Snake read my post again- its silly not to change the default password on your router.

  • 4 Posted by snakeyes1231 on Fri Apr 11, 2008 8:15PM EDT Report Abuse

    I read your post and you said "How is this a problem with the browser? Do you suggest disabling javascript? What kind of an idiotic idea is that?" I'm referring to the browser aspect and how those that don't change their routers default password, leave their browser open. you didn't read what i was saying I was talking about how DNS rebinding will affect your browser. I know you should always change your default routers default, I've setup my far share of routers.

More Posts: First Prev 1 Next Last

Post a Comment

Sign In to Post a Comment

 

Sign In to see your profile information, saved products and more...

Register Sign In

My Favorite Gadgets

 
Quick Compare See All Favorite Gadgets
 

Recent Activity

 

Recently Viewed

on | off on | off
 

Recent Searches

on | off on | off
 
 
 

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.