Drive by Pharming targets Broadband users.

I can at anytime use a few wireless routers around my house and access Internet without any problem because there is no security. Many a times I have walked over to the houses and advised them as how to secure there routers. Also most of these routers also act as gateway to Internet. So when I saw this security report on the SearchSecurity, I was not very surprised.
Millions of broadband users are at risk for a new kind of attack called drive-by pharming, which targets password weaknesses in the victim's router, researchers from Symantec Corp. and Indiana University warned Thursday.

The threat is greatest for those who don't change their default passwords after using them to bring the router online. According to an informal study by Indiana University, up to 50% of home broadband users fail to reset the password after installing their router.

"What worries me if that it's so simple for people to fall for this kind of attack," said Zully Ramzan, senior principal researcher for Symantec Security Response. "Most people connect to the Internet through broadband today, but they don't adequately protect their routers."

Attackers use this technique by luring the victim to a malicious Web site. Once the user is on that site, the attacker is able to use JavaScript to change the DNS settings on the router. "This gives the attacker complete discretion over which Web sites the victim visits on the Internet," Ramzan said. "For example, the user may think they are visiting their online banking Web site but in reality they have been redirected to the attacker's site."

While the threat affects mostly home users, Ramzan said enterprise environments are also at risk.

"A lot of people take their laptops home and work off their home router," he said. "One of the ways people break into networks is by stealing credentials from a compromised laptop."

His advice to users is to reset their router passwords at least once -- the day it is hooked up to the home or office computer system. If the password is changed every few months, that's even better.

Professor Markus Jakobsson of the Indiana University School of Infomatics the new attack technique shows how important the human factor is in security

"While drive-by pharming arises due to inadequate protective measures, there is also another human component: If an attacker can trick you into visiting his page, he can probe your machine," he said in a statement. "Deceit is not new to humankind, but it is fairly recently that security researchers started taking it seriously."

Tags: drive-by pharming, pharming

Zero vulnerabilities goes on auction at WSLabi

I was directed to WSLabi or WabiSabiLabi.com (pronounced wobby-sobby-lobby) by Brian Krebs on Computer Security (Security Fix Blog) on Washington post. In addition to the blog post, he has also written an article "Site Plans to Sell Hacks to Highest Bidder", yes alarming! But may be we should hold our horses a while, it is born out of the idea of helping out security researchers that do all the work in discovering all these vulnerabilities.
From WSLABI news release;
"A revolution in the way security research is handled and reported has occurred! WSLabi (www.wslabi.com), a neutral vendor independent Swiss laboratory, has launched a new international security research exchange. This exchange will create a portal where researchers, security vendors and software companies can interact in an open market to enable researchers to obtain the correct value for their findings. The exchange will become a global database of every IT security research ever found.

According to Herman Zampariolo, CEO of WSLabi, We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the right people due to the fear of being exploited. Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals."

Tags: WSLabi, cyber-criminals, vulnerabilities, IT security research, IT security