Wednesday, February 21, 2007

Millions Vulnerable to New Hack Attack

Security firm Symantec and the Indiana University School of Informatics have discovered a new type of security threat that could leave up to 50 percent of home broadband users susceptible to attack.

Called "drive-by pharming," the threat is focused on home routers, which can be reconfigured and directed to a malicious Web site if default settings and passwords are being used.

With traditional pharming, an attacker redirects a user from a legitimate Web site to a bogus Web site that contains malicious code. Pharming attacks can be executed by either changing the host file on a victim's PC or manipulating a domain name system (DNS) server.

In the new scheme, when a user visits a malicious Web site, an attacker is able to remotely change the DNS settings on the broadband router or wireless access point and reroute requests for legitimate sites, like online banking sites or financial institutions, to bogus sites designed to steal login information.
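Both pharming variants described above leave traces a defender can audit: entries in the hosts file that pin a sensitive name to an address, and DNS resolvers the household never chose. The sketch below is an added example, not code from Symantec or the researchers; the watched domains, the trusted resolver list and the sample inputs are constructed assumptions.

```python
import ipaddress

# Assumed for this sketch: names worth watching, and the resolvers the
# household expects (the router plus a placeholder ISP resolver).
WATCHED = {"bank.example", "login.bank.example"}
TRUSTED_RESOLVERS = {"192.168.1.1", "192.0.2.53"}

def audit_hosts(text, watched=WATCHED):
    """Return (hostname, address) pairs where a watched name is pinned in a hosts file."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed entry, not a mapping
        for name in fields[1:]:                   # one line may carry several aliases
            name = name.lower().rstrip(".")       # hostnames are case-insensitive
            if name in watched:
                findings.append((name, str(addr)))
    return findings

def audit_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Return nameserver addresses in resolv.conf-style text that are not trusted."""
    unexpected = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if fields[1] not in trusted:
                unexpected.append(fields[1])
    return unexpected

# Constructed sample inputs (documentation address ranges, not real indicators).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 10.0.0.5  bank.example   (commented out, ignored)
203.0.113.7 Bank.Example www.shop.example
"""
SAMPLE_RESOLV = """\
nameserver 192.168.1.1
nameserver 198.51.100.53  # not in the trusted set
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(audit_resolvers(SAMPLE_RESOLV))
```

A PC that uses the router itself as its resolver will show only the router's address here, so the DNS servers configured on the router's own administration page need the same comparison against the trusted list.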

Default Passwords

The security team that examined the issue believes that the problem potentially affects millions of broadband users worldwide, and that the attacks can be easily launched.

The researchers urged users to protect their broadband routers and wireless access points by changing their default passwords.

Drive-by pharming is dangerous not only because it directs users to malicious sites, but also because an attacker can permanently change router settings, exposing unwitting victims to ongoing attacks.

"This new research exposes a problem affecting millions of broadband users worldwide," Oliver Friedrichs, director of Symantec Security Response, said in a statement. "Because of the ease by which drive-by pharming attacks can be launched, it is vital that consumers adequately protect their broadband routers and wireless access points today."

Symantec recommends that users change their default passwords and employ a multilayered security strategy consisting of an Internet security program that combines antivirus, firewall, intrusion detection, and vulnerability protection. Also important, the research team noted, is avoiding clicking on links that seem suspicious.

User Education

But the main issue, according to Sophos senior technology consultant Graham Cluley, is that many users either do not change settings or use the password supplied by the manufacturer. Many devices are given obvious passwords for shipping and setup, such as "administrator" or "password," which Cluley noted are very easy for hackers to guess.

"For the sake of thirty seconds' effort, home users may be leaving themselves dangerously open to attack by not changing their passwords," he said.

While the great likelihood of attack predicted by Symantec could have some effect on user education, Cluley said he hopes that router makers will also take notice and design their software to be more insistent about changing default passwords.

"More prominent warnings that passwords have not been changed from their default might help encourage users to take this relatively simple step," he said. An additional line of defense is to disable JavaScript on untrusted Web sites, he added.

Source: Atomic Park


Wednesday, December 06, 2006

Iran Bans YouTube; Other Western Sites

Iran yesterday blocked a number of top Web sites, among them YouTube, the Web encyclopedia Wikipedia and Amazon.com. Other sites being censored include the online movie database IMDb.com and news services like the New York Times and BBC Farsi.

The YouTube ban could be in response to a well-known Iranian soap opera actress for engaging in "indecent" behavior with a former boyfriend.

Reporters Without Borders, a Paris-based press rights group, said, "The government is trying to create a digital border to stop culture and news coming from abroad - a vision of the Net which is worrying for the country's future." The group also said that the Iranian government issued a ban on high-speed Internet connections in October.

The ban was ordered by senior judiciary officials in an effort to rid their country of Western influences. This is in line with the agenda of Iran's Islamist president, Mahmoud Ahmadinejad.

Iran boasts a large number of online users, an estimated 7.5 million, which makes it second in the Middle East behind Israel. It also has a large number of bloggers, over 100,000, who are an alternative to Iran's suppressed media outlets. Reporters Without Borders says Iran is one of 13 countries to be considered "enemies of the Internet". Among the other countries known for online censorship are China, Cuba, Egypt, Saudi Arabia, North Korea and Syria.

"The Iranian government policy is not an isolated case. It is getting closer and closer to that of the authorities in China, with particular stress being laid on the censorship of cultural output", said Reporters Without Borders.

The Internet is not the only medium that has been censored. Iranian publishing has also banned scores of books, including classics from the West. Bloggers have also been intimidated by the government or jailed, despite the President starting his own blog back in August.
