UPnP combined with Flash may provide way of attacking computers

somanyholes · Jan 16, 2008, 11:59:29

Hey All

Thought this may be of interest to some.

http://www.thinkbroadband.com/news/3366-upnp-combined-with-flash-may-provide-way-of-attacking-computers.html

It's worth checking if your gateway has this enabled, not sure on the default settings for 2wire etc.

Rik · Jan 16, 2008, 12:07:02

AFAIK, the 2700 doesn't support UPnP, so we're safe. For most people, I would advise UPnP is turned off in Windows anyway - it's one of the first things I do.

Thanks for posting that, it's always good to be ahead of the game.

somanyholes · Jan 16, 2008, 12:17:08

Hey

Home hub hack below

http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5

Plus more info, nicely written, and worth reading

http://www.gnucitizen.org/blog/hacking-with-upnp-universal-plug-and-play
http://www.gnucitizen.org/blog/hacking-the-interwebs

Rik · Jan 16, 2008, 12:21:12

It certainly makes you think, doesn't it. Perhaps we should all go back to communicating with a one-time pad encryption and employing runners to deliver the messages?

somanyholes · Jan 16, 2008, 12:35:04

I think your right, especially when you read number 10 on here

http://www.sans.org/2008menaces/?utm_source=web-sans&utm_medium=text-ad&utm_content=text-link_2008menaces_homepage&utm_campaign=Top_10__Cyber_Security_Menaces_-_2008&ref=22218

time to disconnect.....

Rik · Jan 16, 2008, 12:41:03

I've seen reports of issues with flash drives before. I always reformat them before use, but it really is becoming a minefield these days. Those of us who frequent this place, and others like it, are probably reasonably safe - but there's a lot of people out there who have no idea of the risks they face, or what steps they should be taking to protect themselves. Ultimately, they pose the biggest threat to us all.

somanyholes · Jan 16, 2008, 12:50:51

Thats very true, unfortunately we can't expect joe bloggs to be aware of all security aspects. People are only just starting to get it into their heads to have av/firewalls etc. Never mind, securing network devices, checking removable media, locking down their phones etc ....

Rik · Jan 16, 2008, 12:58:40

Which is why I believe that people should have to pass a basic security exam before being allowed to have an internet connection. It wouldn't stop them being stupid, but it might get some of them to think a little...

Gary · Jan 16, 2008, 13:02:42

Quote from: Rik on Jan 16, 2008, 12:41:03
I've seen reports of issues with flash drives before. I always reformat them before use, but it really is becoming a minefield these days. Those of us who frequent this place, and others like it, are probably reasonably safe - but there's a lot of people out there who have no idea of the risks they face, or what steps they should be taking to protect themselves. Ultimately, they pose the biggest threat to us all.

This was mentioned online Rik that sneaking malware into usb drives etc will be the new fashion in attacks this year, a bit like those hard drives last year that had something on them

Rik · Jan 16, 2008, 13:07:09

Caveat emptor has never had more meaning, Gary.

Gary · Jan 16, 2008, 13:08:57

Let the buyer beware indeed Rik