Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FYI: Cisco Routers Vulnerable to Drive-by Pharming Attacks



An amusing attack...


>  -- Cisco Routers Vulnerable to Drive-by Pharming Attacks
> (22 February 2007)
> Cisco has posted a Security Response on its web site warning that
> 77 of its routers are vulnerable to what has been dubbed a drive-by
> pharming attack.  Users are urged to change the default user names and
> passwords on their routers. Cisco's posting describes which routers
> are vulnerable to the attack.  The flaw affects largely home and
> small business users, as enterprise-level routers generally require
> the default user names and passwords to be changed during set up.
> The attack could be exploited to alter the router's DNS settings,
> directing the users to phony web sites that could potentially be
> exploited by phishers.
> http://www.itnews.com.au/newsstory.aspx?CIaNID=46244
> http://www.cisco.com/warp/public/707/cisco-sr-20070215-http.shtml
> [Editor's Note (Pescatore): There is no real "drive-by" required for
> this, spyware or web malware can be used to launch the attack. It is
> really just a clever attack taking advantage of cases when a product
> doesn't force default passwords to be changed and when vulnerable
> capabilities are on by default.  Even consumer or SOHO grade products
> should have moved away from those conditions long ago. 
> (Grefer): This vulnerability is NOT limited
> to Cisco routers, but is rather a widely spread
> issue. http://www.itwire.com.au/content/view/9783/1095/ A reasonably
> comprehensive list of products, user IDs and passwords is located at
> http://www.phenoelit.de/dpl/dpl.html ]
> 



 



