The Traders' Den  

  The Traders' Den > Where we go to learn ..... > Technobabble
 

Notices

Technobabble Post your general Need for Help questions here.
Lossy or Lossless?
Moderators

Reply
 
Thread Tools
  #1  
Old 2008-02-05, 02:33 AM
Positive Friction Positive Friction is offline
725.54 GB/590.97 GB/0.81
 
Join Date: Feb 2006
Icon4 FYI: Severe UPnP Flaw Allows Router Hijacking

Just a headsup for everyone as I know I missed this news last month.

http://www.informationweek.com/news/...leID=205800419

"A vulnerability in networking devices that support UPnP (Universal Plug and Play) can be exploited through a malicious SWF (Flash) file on a Web site, US-CERT warned Monday.

Visiting such a Web site may allow an attacker to reconfigure or take over devices connected to the victim's system that support UPnP. This includes routers, cameras, printers, mobile phones, and digital entertainment systems...Successfully executing the attack allows the attacker to take over the affected router, allowing him or her to bypass firewalls, access Web router administration pages, attack Internet hosts through the router, and alter networking settings."
Reply With Quote Reply with Nested Quotes
  #2  
Old 2008-02-06, 03:39 PM
Five's Avatar
Five Five is offline
189.30 GB/594.78 GB/3.14
 
Join Date: Oct 2004
Location: Canada
Re: FYI: Severe UPnP Flaw Allows Router Hijacking

after looking over here
http://www.gnucitizen.org/blog/flash-upnp-attack-faq

it seems that not even one person has been hit with this yet.

seems it might be a good idea to block flash and just enable it when you're using a flash-based site like youtube (also speeds up surfing). you can use flashblock extension for ff or in opera go to tools>quick preferences> and uncheck enable plugins. if you're using ie I'm not certain how to block flash (you're probably beyond help anyways in that case--just kidding! ).

if you're feeling clever you can disable UPnP and do things the old fashioned way.

seems that if this becomes any kind of a problem (i.e. one or more ppl affected by it) they will patch the security hole in the next release of flash, so its always good to stay updated.
__________________
Checksums Demystified | ask for help in Technobabble

thetradersden.org | ttd recommended free software/freeware webring
shntool tlh eac foobar2000 spek audacity cdwave vlc

Quote:
Originally posted by oxymoron
Here you are in a place of permanent madness, be careful!
Reply With Quote Reply with Nested Quotes
Reply

The Traders' Den > Where we go to learn ..... > Technobabble

Similar Threads
Thread Forum Replies Last Post
Search engine flaw - Stevolende Site Announcements & Suggestions 25 2009-08-05 08:28 PM
UpnP error - aegert Technobabble 1 2006-09-02 07:14 PM
does UPnP automatically forward ports? - Five Technobabble 7 2006-01-06 10:36 AM
"Converting" A Regular Router Into A Wirless Router? - thisistoto Technobabble 1 2005-10-11 03:08 AM


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forums


All times are GMT -5. The time now is 03:22 PM.


Powered by: vBulletin, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - , TheTradersDen.org - All Rights Reserved - Hosted at QuickPacket