We love our Macs because they aren't very vulnerable to viruses and such. But there is a fairly new kind of attack that targets one's router. All one needs to do is visit a web page or view an image with a nefarious URL. No password is needed. No software gets installed on your computer. In fact, the vulnerability isn't on your computer. The router, once compromised, reports the wrong DNS addresses and can lead you to phishing web sites made to look exactly like your familiar bank web site, etc. When you log in, they get your login credentials and your account is compromised. You won't know it until it is too late. Your browser will report the correct domain name. The only way you'd know is if you actually checked the IP address before being compromised. I'm sure everyone here has a ready list of the IP addresses of all their critical web sites... yeah, right.
tech.slashdot.org/article.pl
If you use a 2Wire router this could affect you. Even if you don't, you should periodically check to see if there is a firmware update for your router, and update it. It is usually very easy to do and doesn't take long.
-
Re: 2Wire DSL Modems and Routers subject to redirect vulnerability
Tue, April 8, 2008 - 5:44 PM
And since 2Wire's crappy products are the favorite of Telcos and cable providers everywhere, most folks who know nothing about even having a router are vulnerable. Way to go, guys!
-
Re: 2Wire DSL Modems and Routers subject to redirect vulnerability
Wed, April 9, 2008 - 12:11 PM
One thing that can be done to help mitigate the damage of such an attack on one's router is to explicitly configure the DNS server(s) in your Mac (or PC), since that way it won't use whatever server(s) the router advertises via DHCP. Either use the one(s) your ISP has, or find some other one(s) that seem to work for you, such as OpenDNS, and add them to your Network preferences. At least this way you won't be as vulnerable to DNS spoofing attacks that can make phishing attacks much easier for an attacker, since your Mac will send DNS queries directly to known valid DNS servers.
I don't have a 2Wire router so I don't know this for sure, but I believe the URL attack depends on the router having the default password, so the other thing to do is to make sure you change that admin password to something else, obviously using the common recommendations for choosing strong passwords.
HTH
Dana
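A way to check that the explicit DNS setting described in the post above actually took effect, as an added example that is not part of the original thread: it parses the output of the macOS `scutil --dns` command and flags any resolver that is not on your own list. The trusted list (OpenDNS's public addresses), the function name and the sample output are assumptions made for illustration.

```python
import ipaddress
import re

# Resolvers you configured on purpose (assumption: OpenDNS's public addresses).
TRUSTED = {"208.67.222.222", "208.67.220.220"}

# Ranges that mean "the query still goes to the router or the local link".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fe80::/10", "fc00::/7", "::1/128")]

# Constructed sample of `scutil --dns` output, not captured from a real machine.
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 208.67.222.222
  nameserver[1] : 192.168.1.254
  nameserver[2] : fe80::1%en0
  if_index : 4 (en0)

resolver #2
  nameserver[0] : 203.0.113.53
  if_index : 5 (en1)
"""

NAMESERVER = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.MULTILINE)

def audit_resolvers(scutil_output, trusted=TRUSTED):
    """Return {address: verdict} for every nameserver the Mac is using."""
    verdicts = {}
    for raw in NAMESERVER.findall(scutil_output):
        addr = raw.split("%", 1)[0]  # drop an IPv6 zone id such as %en0
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            verdicts[raw] = "unparseable"
            continue
        if str(ip) in trusted:
            verdicts[str(ip)] = "trusted"
        elif any(ip in net for net in LAN_NETS):
            verdicts[str(ip)] = "router-or-local"  # still relies on the router
        else:
            verdicts[str(ip)] = "unexpected"  # public, but not one you chose
    return verdicts

if __name__ == "__main__":
    for address, verdict in audit_resolvers(SAMPLE).items():
        print(f"{address:20} {verdict}")
```

On a Mac, pass the real output of `scutil --dns` in place of `SAMPLE`; anything other than "trusted" means some queries can still be answered by whatever the router hands out.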