[X4U] security

James Hurley jhurley0305 at sbcglobal.net
Fri Mar 2 15:27:55 PST 2007 

>
>Message: 3
>Date: Wed, 28 Feb 2007 15:24:20 +0000
>From: David Ledger <dledger at ivdcs.demon.co.uk>
>Subject: Re: [X4U] security
>To: x4u at listserver.themacintoshguy.com
>Message-ID: <a0624084fc20b3cc207fe@[192.168.0.7]>
>Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
>>From: James Hurley <jhurley0305 at sbcglobal.net>
>>I have a Mac OS X security question.
>>On BBC news this morning there was a warning about a new security
>>threat. I think it was called Farming.
>>
>>It allow someone to alter your router so that your browser will
>>direct you to a web site of their choice and not what you type into
>>the browser address box.
>
>I havn't heard of the threat myself yet. Such an attack would involve
>getting your system to use their DNS server to convert domain names
>to IP addresses rather than a real one. This has been known to be a
>possible problem since DNS was proposed. Your router will know the IP
>addresses of a couple or three DNS servers to use. It gets these
>either from the ISP they connect to at connection time or by you
>entering them manually.
>
>Some routers _may_ allow their configuration to be changed from
>outside world. My Netgear router and the SMC I had before that will
>not accept an admin login from the WAN side, only the LAN (your) side
>unless it is specifically enabled. The Netgear will allow you to set
>up an IP address (or range of IP addresses) on the Internet side from
>which you can log in (to the router). Even if you leave the router
>admin password at the default you can't log in to it from the outside
>world without allowing it.

Dave,

Thanks for the thoughtful response.

In the BBC newscast I referred to, the guest drew special attention 
to banking. He appeared to say that if I were to call up my bank's 
web site, a third party could direct me to their web site where I 
might unknowingly give them vital information.

He said that the greatest danger was with routers for which the 
default password was not changed. Apparently default passwords are 
well known. I subscribe to a large ISP (SBC, Souther Bell Corp.) and 
so the default password on the router they  provided may be common 
knowledge. It was for this reason that I was concerned.

During the installation process I recall no point at which a password 
was requested.

Thanks again for you help,

Jim

More information about the X4U mailing list