Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
This is one of the reasons why I use a linux box as my firewall, instead of an end-consumer router: >From http://www.gnucitizen.org/blog/hacking-the-interwebs > In his post, Adrian describes a mechanism where the victim visits a > malicious page, which makes use of a XSS vulnerability that exists within > the BT Home Hub router, in order to add a portforwarding rule within the > targeted device firewall. Once the XSSed SOAP request is actualized, the > attacker will be able to get access to an internal service over the > portforward. Given the fact that the attacker can change the primary DNS > server of the target router, as well, the problem seams to be more then > scary and very, very concerning. > ... > Also, keep in mind that 99% of home routers are vulnerable to this attack > as all of them support UPnP to one degree or another.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |