Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Networking
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

RSA: Researcher: Web page can take over your router

By Robert McMillan
Comments
2
Recommended
129

Active Comments

Fred Dunn says: rebinding flaw in jscript. Also they are depending on the router having the default admin password. Anybody that didn't change...
Read the rest | Reply
Fred Dunn says: As it has the same capability of DNS Re-Pinning as the Sun Java JRE VM but only on ports 1024...
Read the rest | Reply
All Comments (2) | Post New


April 8, 2008 (IDG News Service) On Tuesday, researcher Dan Kaminsky will show how a Web-based attack could be used to seize control of certain routers.

Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind the firewall. But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco Systems Inc.'s Linksys division and D-Link Corp.

The technique, called a DNS rebinding attack, would work on virtually any device that uses a default password and a Web-based administration interface, including printers, said Kaminsky, who is director of penetration testing at IOActive Inc.

Here's how it would work. The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker's control.

Either way, the attacker would be able to control his victim's Internet communications.

The technical details of a DNS rebinding attack are complex, but essentially the attacker is taking advantage of the way the browser uses the DNS to decide which parts of the network it can reach.

Although security researchers had known that this type of hack was theoretically possible, Kaminsky's demo will show that it can work in the real world, said David Ulevitch, CEO of DNS service provider OpenDNS. "I'm always a fan of when something that's theoretical gets made real, because it makes people act," he said.

On Tuesday, OpenDNS will offer users of its free service a way to prevent this type of attack, and the company will also set up a Web site that will use Kaminsky's techniques to give users a means of changing the passwords of vulnerable routers.

The attack "underscores the need for people to be able to have more intelligence on the DNS," Ulevitch said.

Although this particular attack takes advantage of the fact that routers often use default passwords that can be easily guessed by the hacker, there is no bug in the routers themselves, Kaminsky said. Rather, the issue is a "core browser bug," he said.

Router makers have known for some time how their default passwords can be misused by attackers. Three months ago, hackers showed how a similar attack could be launched, exploiting a flaw in the way Universal Plug-and-Play works on PCs.


Reprinted with permission from

IDG.net
Story copyright 2008 International Data Group. All rights reserved.

Make a Comment Recommend Story Slashdot this Digg this
Print Story Send Feedback Email this Reprints

Related Content

Webcast: Web Threats Don't Discriminate
Whitepaper: Implementing VMware Server Virtualization on Juniper Networks Infrastructure

CW Report: Compterworld Technology Briefing: Intelligent Users Use Business Intelligence
IETF: Should we ignore the Kaminsky bug?
Internet domain system open to fraudulent attack, expert says
There's more to DNS flaws than we thought
Kaminsky: Many ways to attack with DNS
Firewall vendors scramble to fix problem with DNS patch

Today's Top Stories

Virtually every Windows PC at risk, says Secunia
Clues point to Jan. 13 release of Windows 7 beta
License server glitch exposes SonicWall users to e-mail security threats
Microsoft releases Vista SP2 beta
Too good to ignore: 6 alternative browsers
Feds nab more members of alleged identity theft gang

What People Are Saying

See comments | Add new
See comments | Add new

Resource Alerts

to receive Networking and Internet Resource Alerts

Webcasts

Windows Vista® Migration: What Really Happens? A Customer's Perspective

Real-time collaboration and development with IBM® Rational® Team Concert streamlines any project

Web Threats Don't Discriminate

Whitepapers

Designed to Manage Lean Principles

The 2008 ERP in Manufacturing Benchmark Report Summary

Implementing VMware Server Virtualization on Juniper Networks Infrastructure

Computerworld Reports

Computerworld Report- Large Enterprises Pay More for IPAM

Mobility @ the Speed of Business

Compterworld Technology Briefing: Intelligent Users Use Business Intelligence

Editor's Picks

Virtually every Windows PC at risk, says Secunia

Clues point to Jan. 13 release of Windows 7 beta

License server glitch exposes SonicWall users to e-mail security threats

Microsoft releases Vista SP2 beta

Too good to ignore: 6 alternative browsers

Feds nab more members of alleged identity theft gang

XenServer FREE trial
XenServer FREE trial
Citrix XenServer is the simplest and most effective way to virtualize and provision servers. XenServer combines comprehensive server virtualization capabilities with unparalleled scalability, performance, economics, and ease-of-use. Based on the open source Xen hypervisor, XenServer delivers fast performance, easy management, and advanced features such as live migration.

Request free trial now

Your Say
Chrome a Windows killer?
Anonymous wrote: Having to be connected to use apps that are not inherently dependent upon being connected is a liability...
[read the story | have your say]
Hot topics now:
White Papers
Accelerate your pursuit of perfection
For almost 80 years, Kodak has been helping banks, insurance companies, healthcare providers, government agencies and other businesses produce billions of document images. So Kodak is uniquely positioned to know and deliver–what customers want: easy-to-use scanners that output the best possible image quality.
Download this white paper now! 
TODAY'S TOP BLOG
Patrick Thibodeau:
Satellite images of U.S military bases Which is more important? Helping terrorists or protecting military bases? Answer: protecting Web 2.0 ... [more]
 

Keys to Microsoft application acceleration: advances in delivery systems
Simply designing a data center that only deploys more servers, more storage, and more devices significantly increases network complexity and cost. You can now ensure significantly faster access to the Microsoft applications your users depend on.

Download this whitepaper 
Next Gen Load Balancing: 8 Things You Need to Handle Today's Network Traffic
Learn how you can replace your aging load balancer with a true web application delivery appliance that provides 100% availability through full Layer 7 awareness and intelligent traffic management and delivers web apps with the highest performance and security possible.

Download this white paper 
Constellation Brands Case Study
Learn why a $6.5 billion international producer and marketer of alcoholic beverages chose Citrix NetScaler to increase Web app performance and ensure high availability of global intranet and public Web sites.

Download this case study 
Welch's Case Study
Learn why a large US food processor chose Citrix NetScaler to securely deliver a new Oracle ERP solution to external partners and remote users. You'll learn how Welch's was able to add 250 new users without expanding their IT staff or taxing the availability of their network resources.

Download this case study 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.