Drive-by Pharming Alert
It has recently hit the news that a few clever researchers have put together a rather clever and potentially devastating pharming attack aimed at consumer-level wireless routers. All that's required for a router to be "Drive-by Pharmed" is to have a user connected behind that router to visit a special evil webpage.
And then the attacker basically owns the victim's web connection.
In other words, once the attack has done its work, any browser on your network can be silently redirected to any site (legitimate or otherwise) that the attacker wishes. The browser or OS you happen to be using doesn't matter.
Apparently there are at least 77 Cisco devices that are vulnerable to this (for now) proof-of-concept attack. Symentec has a nice article detailing the mechanics of the attack, as well as nifty flash video for those who don't feel like reading. Suffice it to say, it would be a very bad thing for this attack to start cropping up in the wild. However, there are some very simple and relatively easy steps that everyone can take to protect themselves.
- Change your router's password. There is no excuse not to. Seriously.
- Don't browse recklessly. Yes, I know those shady corners of the Internet are loads of fun, but they aren't worth getting your computer "totally pwned". Just be careful and use some common sense when clicking around.