<<< Date Index >>>     <<< Thread Index >>>

Re: Linksys WRT54 GL - Session riding (CSRF)



On Mon, 14 Jan 2008 12:58:17 CST, Jan Heisterkamp said:
> > A malicious link executing unnoticed by the administrator may open the 
> > firewall.
> 
> The catch is that this exploit don't work unnoticed, because the admin 
> get notification in the browser that there has occured an error with the 
> cerificate ["Unable to verify the identity of Linksys as a trusted 
> site"] and he has explicity allow it. In other words first he has to 
> allow to be attacked...

A very high percentage of Joe Sixpack "sysadmins" sitting at home surfing
for Nascar and pr0n will go "Yeah, whatever" and click OK anyhow.  A long time
ago, I stopped thinking that "User must click OK to scary-looking message"
was any sort of road bump for malware.

Attachment: pgpb8Dodzdcx0.pgp
Description: PGP signature