RJ's blog - stuff that interests, frustrates and fascinates me
 Friday, January 25, 2008

A recent article by Symantec warns of a pharming attack (redirecting your web traffic to another, fake website) that went from the "theoretical" to the "It’s being done now" category. If you have a home network set up with your own router, you should pay close attention to this. The goal of redirecting your traffic is to let the attackers capture your username, password and account information for sensitive accounts (e.g. banks, PayPal, credit cards). The attack uses security flaws in some routers, or a lack of proper security measures on others, and changes your router settings. The change could be triggered either by an HTML-based email or by visiting a compromised website.

Most people don’t change the default password on their routers. I know that by default Linksys routers have no username and a default password of Admin. One of the easiest ways to beef up security and prevent these sorts of attacks is to change these default settings: assign or change the username, and change the password.

  • Username: don’t use the same name you log into the computer with; use something unique.
  • Password: never use a simple-to-guess word, like one you would find in a dictionary. Mix letters, numbers and symbols.

The greater the variety, the harder it is to crack. There is a specific model of router that doesn’t require any username or password to change the router settings, but I haven’t been able to determine which one yet. This would be a huge security risk, so if I find out what it is I’ll pass it along. There are some really good general security suggestions in the Symantec article, well worth reading.
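Here is a small check for the username and password rules above, as an added example (not code from the Symantec article or from this post's author). The word list, the defaults other than "admin", and the names `audit` and `dictionary_hit` are constructed for illustration. It also covers a case the rules alone miss: a password like "P@ssw0rd" mixes letters, numbers and symbols but is still a dictionary word.

```python
import re

# Constructed stand-ins (assumptions): a tiny word list in place of a real
# dictionary file, and a few factory defaults ("admin" is the one the post names).
DICTIONARY = {"password", "admin", "router", "linksys", "welcome", "dragon"}
DEFAULTS = {"", "admin", "password", "1234"}
# Look-alike characters mapped back to the letters they imitate.
LEET = str.maketrans("@4831!0$57", "aabeiiosst")

def dictionary_hit(password):
    """True if the password is a listed word once disguises are undone."""
    lowered = password.lower()
    # Variant 1: undo look-alikes. Variant 2: drop padding such as "2008!" first.
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return any(v.translate(LEET) in DICTIONARY for v in (lowered, trimmed))

def audit(router_user, router_pass, computer_login):
    """Return the rules from the post that this router login breaks."""
    findings = []
    if not router_user or router_user.lower() == computer_login.lower():
        findings.append("username")      # blank, or same as the computer login
    if router_pass.lower() in DEFAULTS:
        findings.append("default")       # factory setting never changed
    if dictionary_hit(router_pass):
        findings.append("dictionary")    # a guessable word, disguised or not
    kinds = (any(c.isalpha() for c in router_pass),
             any(c.isdigit() for c in router_pass),
             any(not c.isalnum() for c in router_pass))
    if not all(kinds):
        findings.append("variety")       # missing letters, numbers or symbols
    return findings

if __name__ == "__main__":
    # Constructed sample logins; "rich" stands in for the computer login name.
    for user, pw in [("", "Admin"), ("rtr-owner", "P@ssw0rd"),
                     ("rtr-owner", "Dragon2008!"), ("rtr-owner", "t9#Lw!2vQz")]:
        print(repr(user), repr(pw), audit(user, pw, "rich") or "ok")
```

For real use, swap the small `DICTIONARY` set for a full word list loaded from a file.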

Friday, January 25, 2008 1:58:15 PM (Central Standard Time, UTC-06:00)

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2008
Rich Werning