SoylentNews is people

posted by takyon on Wednesday May 27 2015, @01:20PM
from the feeling-vulnerable dept.

For the first time, DNS redirection attacks against small office and home office (SOHO) routers are being delivered via exploit kits. French security researcher Kafeine said an offshoot of the Sweet Orange kit has been finding success in driving traffic from compromised routers to the attackers' infrastructure. The risk to users is substantial, he said, ranging from financial loss to click-fraud, man-in-the-middle attacks and phishing.

Perhaps it's time to demand OpenWrt compatibility? It's without backdoors by design, with continuous bug fixes, IPv6 support and unrestrained configuration capability. Embedded boxes seem to have a poor track record on bugs, transparency and robustness.


[Editor's Comment: Original Submission]

 
  • (Score: 2) by Nerdfest on Wednesday May 27 2015, @03:31PM

    by Nerdfest (80) on Wednesday May 27 2015, @03:31PM (#188652)

    Typically there is authentication required, but many people will leave their session authenticated and few change their router's IP address, which goes a long way towards mitigating the problem as well. Not allowing CSRF exploits would be the proper solution, but even just requiring re-authentication before setup changes would also help.

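The two mitigations named in the comment above, CSRF protection and re-authentication before a settings change, sketched as an added example that is not part of the original thread or of any router's firmware. `Session`, `authorize_dns_change` and the `ROUTER_ORIGIN` value are hypothetical names and constructed sample data.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical admin-UI origin (constructed sample value, not from the page).
ROUTER_ORIGIN = "http://192.168.1.1"

class Session:
    """Hypothetical logged-in admin session holding a per-session CSRF token."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.csrf_token = secrets.token_hex(32)  # unguessable by another site

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def password_ok(self, candidate):
        return hmac.compare_digest(self.pw_hash, self._hash(candidate))

def same_origin(headers):
    """True only if Origin (or Referer) shows the request came from the admin UI."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ROUTER_ORIGIN

def authorize_dns_change(session, method, headers, form):
    """Return (allowed, reason) for a request that would rewrite the DNS servers."""
    if method != "POST":
        return False, "state change must be POST"
    if not same_origin(headers):
        return False, "cross-origin request"
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session.csrf_token.encode()):
        return False, "bad CSRF token"
    # A still-valid session cookie is not enough: the current password is required.
    if not session.password_ok(form.get("current_password", "")):
        return False, "re-authentication required"
    return True, "ok"
```

A forged request from another site fails the origin check and cannot supply the token; a request from a session left logged in still fails without the current password.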
  • (Score: 0) by Anonymous Coward on Wednesday May 27 2015, @04:16PM

    by Anonymous Coward on Wednesday May 27 2015, @04:16PM (#188672)

    If you read about the exploit, they actually use Chrome as the primary vector because it allows it to discover info on the LAN, including IP address and the gateway's address.

  • (Score: 2) by frojack on Wednesday May 27 2015, @06:06PM

    by frojack (1554) on Wednesday May 27 2015, @06:06PM (#188711) Journal

    Well at least routers aren't shipped with standard passwords any more. The default password is encoded to the serial number on any modern router.

    The configuration capability is usually restricted to a LAN port. The exception is those routers you get from any ISP. They almost always have some sort of remote management capability.

    Personally, I move all routing and DNS services into a Linux box. I use Wi-Fi routers as Access Points only. In the few cases that I ever have a carrier-provided router/modem I set it for pass-through operation and feed a Linux or OpenBSD box configured as a router gateway.

    --
    No, you are mistaken. I've always had this sig.