[YLUG] Web sites hacking router [was: Re: Router]
Craig Genner
craig at tuxx.org.uk
Mon Sep 29 08:42:04 UTC 2008
On Sun, 28 Sep 2008 23:01:30 +0100, "Alex Howells" <alex at howells.me> wrote:
> 2008/9/28 Craig Genner <craig at tuxx.org.uk>:
>> Doesn't matter, it's been proven that certain scripts can run on your
> web
>> browser that are used to access the router. Because it's run from your
>> browser on the local lan then it has access to the web interface of your
>> router.
>>
>> These scripts can be put into a standard web page on any web server any
> where
>> in the world...
>
> </tinfoil>
>
> To be honest I think there are bigger risks than this to be looking
> out for everyday.
Yes and no.
1. User visits web site
2. Web site runs malicious script and logs into router
3. Web site opens ports on router (port forwarding or uPnP)
4. Malicious script alerts original web site
5. Orginal web site takes adantage of open ports to then attack pc direct
and install 'stuff'
6. PC is then remote controled by...
7. Profit!
It certainly isn't high on my list, but it's up there.
Craig
More information about the York
mailing list