Home Wi-Fi Routers Are Easily Hackable

[prndll]

There is very little having an updated browser can do to limit malicious links. yes, certain browsers are sandboxed, have their own JAVA implementations, etc. etc, but at the end of the day, a malicious link can still be created.

This is why it is so VERY important to run with UAC turned on, and not run your user account as admin (maintain a separate admin account for local machine admin, and keep your primary user account limited). At least then you have a chance of protecting your local computer, as you know not to input a password, if you didn't specifically request making a change.

Links like these are the most common forms of successful exploits, because they work. No firewall will prevent them as they are a request from inside the LAN., and even seasoned internet/tech veterans are often fooled by realistic looking webpages and links.

One might argue that randomly clicking a link designed to take over your specific router, just when you have an authenticated session to it open, may be a bit of a stretch, but think about it.

Make an instructional website. "How to enable uPNP to make your Xbox games work on router XX", instruct them to log in, and bring up some arbitrary screen on the router, and "follow this link to the next page", and BAM!

Your preaching to the choir here
My comment on this was rhetorical.

What's more worrysome is that this is even possible through a browser. it has nothing to do with the routers but the browser itself. If executing such code is possible then nothing stops a malicious site code writer to do something that will make transactions if you happen to have a tab open with your online banking for example. Browser makers really need to secure their shit. It's insane how full of security holes browsers are now.

This is something I'm always talking about. Many of the same ole issues that have always plagued IE now have most other browsers turned into swiss cheese....specifically because of HTML5.

People are told that they have to stay up-to-date in order to stay safe....that sentiment is so very backwards now.

 

[Red Squirrel]

This is something I'm always talking about. Many of the same ole issues that have always plagued IE now have most other browsers turned into swiss cheese....specifically because of HTML5.

People are told that they have to stay up-to-date in order to stay safe....that sentiment is so very backwards now.

Yeah updates are just temp fixes because you know damn well another exploit will be out. Browsers need to be made secure by design so all these updates arn't needed.

 

[Benzino]

I look forward to setting up wireless in my new apartment after reading this. Only allow management from wired network + set up a guest-only wireless = at least a little more peace of mind. That's assuming your router has a guest-only wireless option, which I'm seeing in new routers more and more.

 

[prndll]

Yeah updates are just temp fixes because you know damn well another exploit will be out. Browsers need to be made secure by design so all these updates arn't needed.

That's precisely the kind of mockish thinking that gave us what we have. Your missing the point.

These updates ARE NOT meant for what you think they are. Take a look around you. What "fixes" are being done? Most of the very same things that caused so many issues with IE *STILL* exist. ALL other browsers are following suit.

Firefox 1 and 2 were both "sandboxed" from the get go (on install...by it's very nature) without question. Any problem they had was arguably minor and inconsequential compared to what we have now. What we have now is a direct result of "updating". It is beyond any conceivable notion of anything remotely called "security" that users should be perfectly willing to accept any browser that has the ability to turn on a webcam and mic via webpage code and feed that back to the server. Not to mention things like THIS article and a whole slew of other things that didn't exist just a few years ago.