Monday, May 03, 2004

Two Interesting Computer Security Holes...

I want to shed some light on two computer security holes - one that I just learned about, the other that I have been harping on for some time:

  1. A new way to send pop-ups and defeat blocker tools Although the vast majority of Pop-up blockers do well against standard pop-up windows, some of them have learned how to exploit the window.showModalDialog() command in Javascript that is supported by IE (And I believe only IE) in versions 5+. What's even more annoying, you need to actually close or click in the window as it holds your browser hostage.

  2. I have often raved about the fact that many people don't bother to change ANY of the default settings on their wireless router - including the administrator password. Therefore, with information that you can glean off of wardriving (the make and model of an open Wireless AP) and the Internet (the default admin passwords are usually printed in the user's manual, most of which are available on-line from the manufacturer's website) a malicious user can now assume control of your AP - even lock you out of it at their own will.

    The new scary premise - they can use this to modify firmware and upload spyware into your ap.

No comments: