Latest in Bug

Image credit:

Researcher creates malicious, router-controlling website

Joshua Topolsky
April 8, 2008
Share
Tweet
Share

Sponsored Links



Like having control of your connection to the internet? Don't tell Dan Kaminsky that -- the researcher has developed a method of DNS attack utilizing typical D-Link or Linksys routers that can allow hackers to gain command of your gear. The winner-takes-all maneuver, which is called a "DNS rebinding attack," functions by putting JavaScript into play that fools your browser into altering your router's configuration, thus letting the operator remotely administer the device. The concept isn't water-tight, as it takes advantage of easily-guessable router admin passwords, though Kaminsky says the enabling bug exists as a "core issue" for browsers. The attack will be showcased at tomorrow's RSA security conference, where it's hoped the demonstration will raise awareness about router security vulnerability. In the meantime, we suggest you change that default password.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
The best TV deals we could find for Black Friday

The best TV deals we could find for Black Friday

View
'Marvel's Avengers' hasn't turned a profit yet

'Marvel's Avengers' hasn't turned a profit yet

View
'Star Wars Squadrons' next-gen update brings 4K, 120 FPS tweaks

'Star Wars Squadrons' next-gen update brings 4K, 120 FPS tweaks

View
Amazon Web Services outage is affecting major sites and apps

Amazon Web Services outage is affecting major sites and apps

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr