
1. You visit some website.
2. Malicious JavaScript code changes your router’s DNS settings.
3. You get phished (you are served a fake website designed to steal your credentials).
This is a CSRF (cross-site request forgery) attack that only works if your router has the default password and/or is always logged on.
Solution:
1. Use the NoScript extension for Firefox. It works on a whitelisting system.
2. Or simply change the default username/password and don’t save the password.
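
One way to notice step 2 of the attack after the fact, as an added example that is not part of the original post: compare the DNS resolvers a client received from the router against the ones you expect. The sample resolv.conf text, the addresses and the function names are constructed for illustration; a loopback entry means a local stub resolver is in use, so its upstream servers have to be checked separately.

```python
import ipaddress

# Constructed sample: resolver list as a client might receive it from the router.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53   # constructed, documentation-range address
nameserver fe80::1%eth0
nameserver 127.0.0.53
options edns0
"""


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        # Drop comments, then look only at "nameserver <address>" lines.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers


def audit_resolvers(text, expected_networks):
    """Sort configured resolvers into expected, unexpected and local_stub."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    report = {"expected": [], "unexpected": [], "local_stub": []}
    for ip in parse_nameservers(text):
        if ip.is_loopback:
            # Local stub resolver: the real upstream is configured elsewhere.
            report["local_stub"].append(str(ip))
        elif any(ip.version == n.version and ip in n for n in nets):
            report["expected"].append(str(ip))
        else:
            report["unexpected"].append(str(ip))
    return report


if __name__ == "__main__":
    # Assumption: the router itself is the only resolver you expect to see.
    print(audit_resolvers(SAMPLE_RESOLV_CONF, ["192.168.1.1/32", "fe80::1/128"]))
```
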
More at news.com

May 3rd, 2007 at 1:57 am
D’oh, of course you should change the default password on your router.
May 10th, 2007 at 7:03 pm
It doesn’t always use the default password. If your session is already established, it could easily hijack it.