[YLUG] Web sites hacking router [was: Re: Router]

Harry Mills mail at hjmills.co.uk
Mon Sep 29 13:07:59 UTC 2008


I was more banking on the fact that if you have no active session with
the router and the password has been changed then any normal site should
not have the details to get in. By accessing the router from the secured
browser you prevent leaving sessions open for other sites (where you are
more likely to need js and addons like flash and adblock) and thus
preventing access.

On Mon, 2008-09-29 at 13:57 +0100, Arthur Clune wrote:
> On 29 Sep 2008, at 13:50, Harry Mills wrote:
> 
> > So in theory we should all use that separate browser we already use  
> > for
> > online banking etc (the one with no plugins, javascript turned off,  
> > run
> > as a completely unprivileged user with all history, temp files and
> > cookies deleted after each session and before starting etc) for our
> > routers as well.
> 
> No. Your router isn't malicious, so why would you do that?
> 
> The attack is that any *other* site can bounce out onto your private
> net. So if you router doesn't have a password, it's settings can be
> changed.
> 
> So you need to use that browser everywhere :)
> 
> Arthur
> 
> _______________________________________________
> York mailing list
> York at lists.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/york
-- 
Regards,
Harry Mills (mail at hjmills.co.uk)[http://hjmills.co.uk]{07935902814}

hackerkey://v4sw6HRUYhw6/7ln5
+8pr5FOPck5ma7/8u7FLw3DGNTUVWXm5l7ADUi52e6t4GLMRSTb8/9AHKLMOPSTen5aNs5MSr2p-2.75/-3.28g5ACGOPRTZ





More information about the York mailing list