Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
The upcoming Black Hat security conference in Las Vegas offers an annual parade of security researchers revealing new ways to break various elements of the Internet. But few of the talks have titles quite as alarming as one on this year's schedule: "How to Hack Millions of Routers."
Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the conference later this month that he says could be used on about half the existing models of home routers, including most Linksys, Dell, and Verizon Fios or DSL versions. Users who connect to the Internet through those devices and are tricked into visiting a page that an attacker has set up with Heffner's exploit could have their router hijacked and used to steal information or redirect the user's browsing.
Looks like all you need to do is change the default password on the router to stop this from working, assuming you have a vulnerable router.
That's not entirely correct. At the end of the day, the issue is that the exploit gives access to the router from the browser. Reflecting a vulnerability to that router becomes slightly less trivial, but many routers still have many software flaws.
Keeping your router's firmware up to date would also be recommended. Additionally, there may be other preventative methods revealed in the BH talk.
True enough, and I certainly think it's a good warning nonetheless, but the message about changing the password at least makes routine automated break-in of your network considerably more difficult. Most security, computer or otherwise, is relative.
My Linksys WRT allows the http/s admin interface to be disabled on both wifi and wan side interfaces. If you do that and use wifi, the only vector left that I can think of would be the dhcp server, and disabling that and using static addresses would sort that out.
Apart from that, how about adding an iptables block rule on the system you're using to browse from to stop it establishing a connection with ports on your router?
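The iptables block rule suggested in the last post, as an added example that is not part of the thread: it prints (does not apply) OUTPUT rules that reject TCP connections from the browsing host to the router's admin ports. The port list, the sample route line and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate iptables rules that stop this host from opening
# TCP connections to the router's admin interface. Nothing is applied here.

# Assumed admin ports; adjust to what your router actually listens on.
ADMIN_PORTS="80,443,8080"

# Extract the default gateway from `ip -4 route show default` output on stdin.
gateway_from_routes() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Accept only a dotted-quad IPv4 address, so nothing else reaches the rule text.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print a REJECT rule for the router at $1. Optional $2 is a numeric UID that
# limits the rule to one local user (e.g. the account the browser runs under).
router_block_rules() {
    gw=$1
    uid=${2:-}
    is_ipv4 "$gw" || { echo "not an IPv4 address: $gw" >&2; return 1; }
    case "$uid" in
        *[!0-9]*) echo "UID must be numeric: $uid" >&2; return 1 ;;
    esac
    match="-d $gw -p tcp -m multiport --dports $ADMIN_PORTS"
    if [ -n "$uid" ]; then
        match="$match -m owner --uid-owner $uid"
    fi
    echo "iptables -A OUTPUT $match -j REJECT --reject-with tcp-reset"
}

# Constructed sample of `ip -4 route show default` output, so this runs offline.
# On a real host use: ip -4 route show default | gateway_from_routes
SAMPLE_ROUTES="default via 192.168.1.1 dev eth0 proto dhcp metric 100"
GW=$(printf '%s\n' "$SAMPLE_ROUTES" | gateway_from_routes)
router_block_rules "$GW"
```

The rule matches only the address passed in; if the router's admin interface answers on any other address, that address needs its own rule. Administering the router then has to be done from another machine or another local user.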