Login   |   Secure Purdue > News

Phishing reminder and a new UPnP attack vector

I just thought I would remind you all that under no circumstances will a Purdue employee request your password over email (or any other medium).  We're still seeing newly compromised accounts which appear to be due to people responding to the phishing attack.  Be careful out there and if you have any questions about an email feel free to send it along with all the headers to abuse@purdue.edu.

There's also a new attack vector using UPnP router devices.  For those of you out there with UPnP enabled on your wifi or lan router at home you should consider turning it off.  A couple of security researchers were able to demonstrate that using a cross-site scripting attack they could use javascript to send commands to a UPnP router and alter the configuration allowing new traffic through.  You can find more information about it here:  Attack Vector Targets UPnP

The only way to mitigate this issue is to disable UPnP on your device.

Posted by Douglas Couch on January 16, 2008, in Handlers Log.