Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

home router flaws



 This is one of the reasons why I use a linux box as my firewall, instead of 
an end-consumer router: 


>From http://www.gnucitizen.org/blog/hacking-the-interwebs

> In his post, Adrian describes a mechanism where the victim visits a 
> malicious page, which makes use of a XSS vulnerability that exists within 
> the BT Home Hub router, in order to add a portforwarding rule within the 
> targeted device firewall. Once the XSSed SOAP request is actualized, the 
> attacker will be able to get access to an internal service over the 
> portforward. Given the fact that the attacker can change the primary DNS 
> server of the target router, as well, the problem seams to be more then 
> scary and very, very concerning. 
> ... 
> Also, keep in mind that 99% of home routers are vulnerable to this attack 
> as all of them support UPnP to one degree or another. 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org