Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind the firewall.More info at PC World.
But at the RSA Conference in San Francisco, he will demonstrate how this attack would work on widely used routers, including those made by Cisco's Linksys division and D-Link.
The technique, called a DNS rebinding attack, would work on virtually any device, including printers, that uses a default password and a Web-based administration interface, said Kaminsky, who is director of penetration testing with IOActive.
Either way, the attacker would be able to control his victim's Internet communications.
Web attack could take over your router
Posted on Wednesday, Apr 09 2008 @ 04:46 CEST by Thomas De Maesschalck
Security researcher Dan Kaminsky says it's possible to seize control over certain routers with a web-based attack: