Cisco says 77 of its routers open to 'drive-by pharming'
The easiest solution: Change the default password
Computerworld - Cisco Systems Inc. is warning users that nearly 80 of its routers are vulnerable to a hack tactic that got play last week.
Dubbed "drive-by pharming" by Symantec Corp. and university researchers who first publicized the danger in a paper, the attack involves luring users to malicious sites where a device's default password is used to redirect them to bogus sites. Once they are at those sites, their identities could be stolen or malware could be force-fed to their computers.
In an advisory posted Thursday, Cisco listed 77 vulnerable routers in the lines sold to small offices, home offices, branch offices and telecommuters. The advisory recommended that users change the default username and password required to access the router's configuration settings, and disable the device's HTTP server feature.
The paper, co-written by a Symantec researcher and two other researchers from Indiana University (download PDF), urged a similar move by router owners.
The researchers also argued that router makers should stop using blank or easy-to-guess passwords, such as "admin," and switch to the device's serial number. "This value, which is unique to each individual router, would comprise a very secure and unpredictable password," the report stated.
- Daily IT Blogwatch: Cisco gobbles IronPort (and Adam hates spam)
- Preston Gralla: Cisco: The Chinese dictators' best friend
- Eric Ogren: Cisco in the virtualized datacenters
- CJ Kelly: Cisco, Black Hat, and not so breaking news
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts