Apparently 2Wire routers have a serious security flaw that is currently being exploited. Their routers are vulnerable to something known as DNS rebinding. Basically, if you visit a bad site (or one that’s been infected), a script will run that will alter where your browser takes you after you type in a web address. This is very bad. For example, you go to check on your savings at yourhappylittlebank.com. Instead of going to the bank’s site, you’re taken to another one that looks exactly like it… but isn’t. You enter your login info and find that you can’t log in. Now hackers now have your account information! Sucks, huh? What’s even worse is that the vulnerability has been around for over 8 months, and 2Wire STILL hasn’t fixed it.

Are you at risk? Well, if you have DSL through AT&T or Qwest and got your router through them, you most likely are. What can you do? Well… not a whole lot at the moment, at least not until 2Wire gets off their collective butts and releases a patch. Download Firefox and the NoScript extension, and only allow sites you’re absolutely sure are safe. And just be really really really careful where you surf. @.@

Also in the news…

If you have a Linksys router and haven’t changed the default password, you’re vulnerable to the same thing! Fortunately, it’s easily fixed in this case, and for the technically un-savvy, OpenDNS created a service that makes it really easy to change it. While you’re at it, you might as well set your router to use OpenDNS. It’s a nifty replacement for your internet provider’s DNS server and offers automatic web address spelling-correction (i.e. google.cmo => google.com) and blocks phishing sites (sites that trick you into giving away your personal info). Also, it’s completely FREE!

Welp, that’s it for today. Hopefully I’ll make a habit of updating this thing. ^^