Why it’s important to always change all the default passwords
A brilliant and relatively simple exploit has had it’s concept proven – a javascript attack on your network router, from within your own network. Basically, the script, if the default password hasn’t been changed, is able to log into your router’s configuration pages from within your own network (making any kind of network security/encription useless), and changes the DNS server settings so the domain name requests are handled by a server that will lead some of the requests to fake phishing servers, or to transparent proxy servers to get access to all your logins and passwords.
Imagine that you use the online banking service of bank xyz on www.xyz.com – with this exploit, when your browser requests the IP address of www.xyz.com, instead of the real IP address, it will receive the address of either a server that looks exactly like your bank’s website, or you connections will be routed through a proxy server that will act like an invisible go-in-between, relaying the content both ways, but storing everything.
This is just one more reason why the default passwords of everything should be changed.
Just put in a password. Would like to see the script, seems amazing client-side Javascript can do that.