Beware Javascript Drive-By Shootings
Wow. Gangbangers sure are getting nerdy these days. Symantec is warning about what they call "drive-by" web attacks using javascript. Computerworld has the rundown.
That's what researchers at Symantec Corp. and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.
For the attack to work, the bad guys would need a couple of things to go their way. First, the victim would have to visit a malicious Web site that served up the JavaScript. Second, the victim's router would have to still use the default password that it's pre-configured with it out of the box.
In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems Inc. DI-524 wireless router to look up Web sites from a DNS (Domain Name System) server of their choosing. They describe these attacks in a paper (PDF format), authored by Sid Stamm and Markus Jakobsson of Indiana University, and Symantec's Zulfikar Ramzan.
