Tuesday, January 15, 2008

router Universal Plug and Play can allow access

(I found this article to be interesting...)

"...Universal Plug and Play can be combined with simple XSS attacks in order to create a powerful mechanism for remotely reconfiguring vulnerable routers without any means of authentication or authorization with the targeted device...UPnP can be exploited across the Web without the need of XSS...

"...the attacker can change the primary DNS server of the target router...

"...99% of home routers are vulnerable to this attack...

"The only way to protect yourself is to turn off UPnP...your skype or msn wont work as flawlessly as before..."
Share/Save/Bookmark

No comments: