Router - to whitelist or not?
Posted: Mon Jan 25, 2010 10:20 am
The router here needs JS for its web ui menus. Until now, I've whitelisted it.
With the recent publicity given to various holes in router modules etc, including on your own blog, is it possible for these scripting capabilities in the router to be subverted for other than UI operation - say if a router is getting run remotely after being hacked?
I am probably answering my own question but what would I know? Would it be wiser to only allow JS on-the-fly when accessing the router via its web interface?
thanks in advance for advice and for NoScript/ABE, which rocks
With the recent publicity given to various holes in router modules etc, including on your own blog, is it possible for these scripting capabilities in the router to be subverted for other than UI operation - say if a router is getting run remotely after being hacked?
I am probably answering my own question but what would I know? Would it be wiser to only allow JS on-the-fly when accessing the router via its web interface?
thanks in advance for advice and for NoScript/ABE, which rocks
-- because any cross-site attack from an internet web page gets blocked by ABE.