All your base are belong to us: how to protect your router from DNS rebinding
By Luciana on August 5, 2010 | Vulnerabilities, router, router vulnerability, DNS rebinding, Black Hat, Defcon, phishing, security tips, Craig Heffner
BlackHat and DEFCON conferences revealed many cyber security issues. In wrong hands the information can be used for phishing or clickjacking or other attacks. But since it's shared with everyone, you can learn about the possible threats and make your computer more secure.
One of the most anticipated reports presented at the Black Hat was Craig Heffner's speech on the DNS rebinding vulnerability. What's the big deal about that? While the scheme is complex, here's the simplified explanation. You can control the work of a router via it's amin panel via web browser. In other words, there is an URL to each action and setting. Someone can make a link for you to click or the link may open automatically i.e. upon visiting a fraudulent website and this way you can unintentionally change the configuration of the router making it accessible for a remote hacker. Wait, routers have passwords, don't they? Turns out, if the password is the default one or if it's easy to guess (like "password" or "123456"), they attacker can compromise the whole network without you even realizing that. The researcher said the vulnerability affects more than thirty different routers including the most popular ones like Linksys WRT54G.
When a router is compromised, the attacker can load a fake website instead of the one you want to visit and you won't notice a difference. Phishers can steal lots of valuable information this way, i.e. online banking accounts, email logins and other.
What can you do before your network befriends a hacker? Here are some helpful tips to avoid DNS rebinding vulnerability.
* Change router password to a strong one. And hurry up if your current password is default.
* Make sure the firmware of your router is updated.
* Make sure HTTPS admin console is enabled.
* Make sure HTTP console is disabled (if your router has this option).
* Prevent the access of router's control panel from the external networks (look for the option on the admin console).
* Create a firewall rule preventing IPs from your local network from reaching the external IP of the router.
More Vulnerabilities news
Denial-of-service flaw is fixed by Oracle
Recently, Oracle released a patch which fixed denial-of-service vulnerability in the Oracle WebLogic Server, Application Server and iPlanet Web Server. In a security bulletin Oracle warned that "vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password." Oracle pointed out that a fix for the same vulnerability in the GlassFish Server was released last month. Read more.- Firefox 9.0 and four critical flaws fixed
- Major flaw of Adobe Reader and Acrobat 9.x is patched
- Adobe Reader targeted again: Acrobat vulnerability
- From „White hat“ Charlie Miller was turned to „Black hat“
- Temporary remedy against Dugu
- Malware distribution tendencies 2011
- Mac OS X Lion flaw gives opportunity attacker changing victim’s password
- Flaws have been detected in Symantec Endpoint Protection Manager
- New IE bug may expose your cookies
- Secret is not revealed but Facebook’s flaw is repaired
