http://www.technewsworld.com/story/55820.html Attack Strategy
"The problem stems from inexpensive plug-and-play broadband routers, according to the researchers' proof-of-concept. These devices are shipped from the factory with a default password that most home users would never think to change. Hackers, however, are aware of the risk these unchanged passwords pose when combined with a Web site that includes malicious JavaScript code.
The attack is twofold. First, the hacker Latest News about hacker creates a phony Web page that includes the malignant JavaScript code. When a home user views the page, the code, running in the context of a Web browser, uses a technique known as Cross Site Request Forger and logs into the user's home broadband router, Ramzan explained. In general, these routers require a password to log into.
However, as most people do not change the default password, and detailed information on the factory set passwords is readily available online, criminals can successfully log into the router. Then, it is just a matter of allowing the JavaScript to go to work changing the router's settings. "
"I don't really find the attack all that ingenious," he said. "It simply takes advantage of a typically insecure area of the home user's network."
The Javascript component of the attack can only work if the router's password has not been changed. However, Fodale estimates that some 50 percent of consumers and small businesses currently use the default password setting.
FYI guys
