Slashdot Mirror


Drive-By Pharming In the Wild

An anonymous reader writes "Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer's broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank: 'It's associated with an e-mail pretending to be from a legitimate Spanish-language e-greeting card company, Gusanito.com,' says Symantec Security Response principal researcher Zulfikar Ramzan. Inside the e-mail is an HTML image tag but instead of displaying images, it sends a request to the home router to tamper with it."
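
The mechanism the summary describes, as an added example that is not part of the original story or Symantec's report: a toy model in Python of a router's admin CGI, with the handler an e-mailed `<img>` tag can drive beside a hardened one. The 192.168.1.1 address, the `admin`/`admin` factory default, the `apply.cgi` path and the rogue resolver 198.51.100.66 are assumptions made for the illustration, not details from the report. The point it shows is that the attack needs no browser bug: a sub-resource fetch that carries (or inherits) valid Basic-auth credentials is indistinguishable to the router from the owner pressing "Apply", unless the router ties state changes to something a cross-site image cannot supply.

```python
"""Toy model of a home router's admin CGI.

Added illustration of the <img>-tag attack in the story above; it is not
Symantec's analysis nor any vendor's firmware. The router address, the
'admin'/'admin' default, the apply.cgi path and the rogue resolver
198.51.100.66 are constructed for the example (TEST-NET ranges).
"""
import base64
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qs, urlsplit

DEFAULT_PASSWORD = "admin"  # constructed factory default


@dataclass
class Request:
    method: str
    path: str
    params: dict
    auth: Optional[str] = None        # Authorization header as the browser would send it
    csrf_token: Optional[str] = None  # only present in a form the router itself served


@dataclass
class Router:
    password: str = DEFAULT_PASSWORD
    dns: str = "192.0.2.53"           # ISP resolver (constructed)
    token: str = field(default_factory=lambda: secrets.token_hex(16))


def basic_auth_header(user: str, pw: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()


def _basic_auth_ok(router: Router, auth: Optional[str]) -> bool:
    if not auth or not auth.startswith("Basic "):
        return False
    try:
        user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
    except Exception:
        return False
    return user == "admin" and hmac.compare_digest(pw, router.password)


def vulnerable_apply(router: Router, req: Request) -> int:
    """Typical 2007-era handler: any authenticated request, GET included,
    applies the change. Nothing ties the request to a page the router served,
    so a third-party <img> whose URL carries credentials (or a browser that
    already holds a cached Basic-auth session) looks exactly like the owner
    clicking 'Apply'."""
    if not _basic_auth_ok(router, req.auth):
        return 401
    if "dns" in req.params:
        router.dns = req.params["dns"]
    return 200


def hardened_apply(router: Router, req: Request) -> int:
    """Same endpoint with three checks that each break the attack on their
    own: no state change on GET, a per-session anti-CSRF token a cross-site
    <img> cannot know, and no changes at all while the factory default
    password is still set."""
    if not _basic_auth_ok(router, req.auth):
        return 401
    if router.password == DEFAULT_PASSWORD:
        return 403
    if req.method != "POST":
        return 405
    if not req.csrf_token or not hmac.compare_digest(req.csrf_token, router.token):
        return 403
    if "dns" in req.params:
        router.dns = req.params["dns"]
    return 200


def img_tag_request(src: str) -> Request:
    """What a mail client's HTML renderer turns <img src=...> into: a plain
    GET, with user:pass from the URL sent as a Basic Authorization header
    (browser behaviour of the period; modern browsers restrict this)."""
    u = urlsplit(src)
    auth = basic_auth_header(u.username, u.password or "") if u.username else None
    params = {k: v[0] for k, v in parse_qs(u.query).items()}
    return Request("GET", u.path, params, auth=auth)


# The tag the phishing e-mail would carry (constructed):
#   <img src="http://admin:admin@192.168.1.1/apply.cgi?dns=198.51.100.66">
ATTACK_IMG = "http://admin:admin@192.168.1.1/apply.cgi?dns=198.51.100.66"


def demo() -> tuple:
    """Resolver each router ends up with after the mail is rendered."""
    victim, patched = Router(), Router()
    vulnerable_apply(victim, img_tag_request(ATTACK_IMG))
    hardened_apply(patched, img_tag_request(ATTACK_IMG))
    return victim.dns, patched.dns


if __name__ == "__main__":
    print(demo())  # ('198.51.100.66', '192.0.2.53')
```

Run it and the vulnerable router's resolver is replaced while the hardened one keeps the ISP resolver. Changing the password alone is enough to defeat this particular mail, but only the token and the POST-only rule protect a user whose browser already holds a valid admin session when the mail is opened.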

7 of 205 comments

  1. Pfft by Kalriath · Score: 4, Insightful

    So, I suppose this "hack" fails entirely on any router which... well, either has a default password or (like any high end router) doesn't use HTTP basic authentication? No worries for me, my 3com is safe as houses.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  2. Enough with the default passwords. by GreggBz · Score: 4, Insightful

    If Bioware can sell $30 software with unique CD-Keys printed on the inside of each jewel case, why can't Linksys sell $40 routers with unique admin passwords printed in each manual? Or better yet, make the default password the last 6 digits of the LAN-side MAC address; that can't be terribly hard to manufacture.

    Seriously, you could even honestly market them as "more secure."

    1. Re:Enough with the default passwords. by Compholio · Score: 3, Insightful

      It would be trivial to use the LAN MAC address as the default password.
      It would also be trivial for someone to run "arp" while connected to your access point. I agree that they need to use a random default password, but the MAC address would not be sufficient.
  3. Re:Captcha? by cheater512 · Score: 4, Insightful

    Or maybe force users to change the password.

    Which one makes more sense? :P

  4. Idiots with default passwords get pwnd, news at 11 by Anonymous Coward · Score: 5, Insightful

    nothing to see here... move along, folks

  5. Re:Frankly, I'm surprised by Anonymous Coward · Score: 4, Insightful

    I presume you're being funny. What you're doing there is just as likely to land you in the hoosegow as a suspected terrorist or something of that nature as it is to make you money. This is not a time in U.S. history where being a Good Samaritan is even remotely a good idea.

  6. Re:Most Pooter owners too dumb to own one by adolf · Score: 3, Insightful

    Good advice.

    But you forgot something: When a friend brings their PC/PSP/PS3/Wii/Xbox/iPhone/iPod over, and wants to use it with teh Intarwebs, go ahead and set it up and give them the passphrase and IP assignment, but make sure you destroy your friend before they leave.

    You can't allow any chance of your uber-obscurity leaking outside, right? Eventually, you'll eliminate all of your friends, but that has the nice benefit of eliminating the potential leaks.

    Naw, better to keep it simple. Don't run as root/admin. Set an unusual password (something other than your SO or child's name is adequate). Set a different, unusual, and lengthy, WAP passphrase. Use the strongest encryption you can with the devices on your network (AES, AES / TKIP, or just TKIP, in order of preference).

    Done.

    MAC filtering? Disabling DHCP? IP address range hide and seek?

    Bullshit. All that does is make it harder for you and the people you trust to use the network. And if I, the creepy dude in the van across the street, get to a point where any of those stupid tricks will start to matter, they won't make any difference at all. If I'm clever enough to get past WAP, then I'm clever enough to clone a MAC address while sniffing past the rest of your security-through-obscurity features.

    [And what's all that talk about serial ports? Are we still in 2008, or did we just jump back 10 years?]