Update: Thank you to Zulfikar to pointing me to the real website where this was first discussed and indeed there was mention of Jeremiah’s work. Snarky comment now only applies to eWeek’s coverage, and my apologies to Zulfikar for my unfair comment - as it wasn’t him who said this.
Cross Site Scripting Talk at Blackhat - July 25th, 2006 (where I first mention attacking network devices)
XSS talk at BlackHat - July 1st, 2006 (where I first mention attacking other layers of the OSI model)
While not in any way at all new, it’s interesting to hear the statistics that 50% of home routers are vulnerable to this form of attack. Pharming is one of those things I have always scoffed at, because before this attack they primarily relied on DNS hacking (not of the home user’s DSL connection but of the DNS server they used). It’s a slightly different take on the same old hack, that has some interesting implications.
So, while not new, it’s another take on pharming, which I had pretty much thought was a dead topic. I guess we’re bringing it back, and calling it new. While we’re at it, I’m going to invent the Internet again. Al Gore will be pissed, but so what? /snarky