I wanted to talk about a recent new attack, called Drive-ByPharming, which I co-developed with Sid Stamm and Markus Jakobsson ofthe Indiana University School of Informatics. It allows attackers tocreate a Web page that, simply when viewed, results insubstantive configuration changes to your home broadband router orwireless access point. As a result, attackers gain complete controlover the conduit by which you surf the Web, allowing them to direct youto sites they designed (no matter what Web address you direct your Webbrowser to).
I believe this attack has serious widespread implications andaffects many millions of users worldwide. Fortunately, this attack iseasy to defend against as well. In this blog entry, I’ll describe theattack, mention some prior related work, and then go over bestpractices.
How the attack works:
I’ll start with a high-level real-world analogy of this attack.Imagine that whenever you wanted to go to your bank,...