3:20 PM -- I used to actually worry about my neighbor war driving or piggybacking off my WLAN. But did that get me to change the default password on my wireless router?
(OK, so first you should know that I live in a remote, mountainous area, where a next-door neighbor is a hike away. So piggybacking and war driving would be tricky, to say the least.)
But this latest "no-need to be nearby to drive-by" pharming exploit, developed by researchers at Symantec and Indiana University, has prompted a sudden interest in my WLAN router's password documentation. And if you've been lax about locking down your home or small business broadband router or WAP, the researchers say you'd better do the same. (See New 'Drive-By' Attack Is Remote.)
Perhaps the most disturbing part about this proof-of-concept attack is that it goes after such an obvious, and oft-neglected, entry point. Default broadband router settings are mostly public knowledge, and the public mostly ignores the fact they need to reset them.
Kelly Jackson Higgins, Senior Editor, Dark Reading
Symantec Corp. (Nasdaq: SYMC)