Networking

Chrome-based Browsers Have Loopholes that Enable Hackers to Infiltrate Wifi Routers

Refer to original article: https://hackercombat.com/chrome-based-browsers-have-loopholes-that-enable-hackers-to-infiltrate-wifi-routers/

Surecloud, a cybersecurity firm has released a report about a Google Chrome, Chromium, Opera, Vivaldi and other Blink-engine based browsers’ unpatched flaw that enables cybercriminals to penetrate the home wifi networks of unsuspecting users. Eliot Thompson, a Surecloud researcher, upon checking Chrome’s behavior as found a flaw on how the browser implements its saved password feature and the user’s bad habit of using the same password across many services, including the password for the Wi-Fi router’s configuration page. Google-based browsers have an inherent flaw of offering users to save passwords for sites, which include wi-fi configuration page, which is normally using an unencrypted http:// URL.

The password manager that came with Chrome saves not only passwords but also other information submitted in a web form. This can include anything from a name, address, birthdate and any personally identifiable information as demanded by a sign-up form. At the moment the home routers affected by the flaw include known mainstream brands like Belkin, Asus, and Netgear. Routers from other vendors are still being checked for the existence of the vulnerability to the Google Chrome exploit, but the common understanding is any router that uses plain http unencrypted wi-fi configuration page is affected. There is no way to change the behavior unless the router vendor issues a new firmware that will change the wi-fi configuration page to a TLS-encrypted URL.

USBHarpooning // BadUsb cable

I actually get to work with people who create these things. 

Check out this article: 
https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

The trio acted on an idea from Kevin Mitnick, who saw it put in practice by someone using the Twitter handle MG. He told Bleeping Computer that he asked MG if he could build a cable for him to use in a keynote speech to demonstrate new attack methods, but nothing happened.

Tenda support

Hello.
To whom this may concern.

I've bought several AC 1200 Tenda's

Right now my topology is 1 main ISP router -- a Tenda Wireless bridge to that device.

And then off the main router -- another tenda client mode AP.

**Note how one is configured towards the wireless bridge. The other is a wireless CLIENT+AP

So the purpose of this email is to ask what's going on when I say:

I have a device 400 feet away connected to the wireless bridge. 

I'm 400 feet closer. -- Connected to the Wireless AP -- 
I go to tendawifi.com -- 

**What's crazy is, i can see the device 400 feet away, when it's technically not even CONNECTED to this AP.

So what is going on? -- Are the devices hard coded to find tendawifi.com -- AND THEN store & Forward?

or is it an actual routing table the way it should be? -- Because these devices ARE statically set? they're just not reading the IP Table?

I'm baffled.
Especially when i unplug the Wireless AP -- not the bridge. -- the internet get's "Hella" better.

Tags: 

Apple macOS vulnerability paves the way for system compromise with a single click

Tampering with two lines of code unveiled a serious bug which could lead to full system compromise.

https://www.zdnet.com/article/apple-zero-day-vulnerability-permits-attacker-compromise-with-the-click-of-a-mouse/

Synthetic events are when attackers can virtually "click" objects in order to load code without user consent. If a threat actor is able to "click" a security prompt and load a kernel extension, this could lead to the full compromise of an operating system. -- Read more at the link above.

Here's a boost

I'm pulling 8.5Mbps from this picture. Check the red circle. I have my wifi router placed. And i'm picking WiFi from across the highway.

Kind of neat for 2018 if you ask me. No wireless repeating hubs. 1 wireless synchronization name.

Tags: 

Pages