BitcoinPoseidon / HodlFast ⚡⚓
npub1lqk…dxjj
2024-04-21 16:09:05

All Fritz!Box modems have been hijacked
https://crapts.org/2024/04/21/all-fritz-box-modems-have-been-hijacked/

> Fritz!Box modems are popular modems by the German company AVM. They are tailored to the somewhat more experienced users who want to have more control over their network settings and they can often be used to replace the modem from your cable/DSL/fiber ISP. The company has been around for a long time and Fritz!Box devices are generally considered to be reliable and well worth the price. However, since the beginning of 2024 all of the Fritz!Box devices have been hijacked.
>
> In short, the DHCP server on these modems hands out leases with the DNS suffix fritz.box, which means that domains in DNS requests are appended with the suffix. Unfortunately, this setting cannot be modified. Normally this doesn't have to be a problem, but since the beginning of this year the fritz.box DNS suffix is an actual registered domain and the owner of this domain is not AVM or anyone affiliated with them.
>
> This is a very serious issue. DNS requests on a Fritz!Box home network now get forwarded to an unknown entity, which is a case of DNS hijacking. Not every OS deals with DNS suffixes in the same way, but at least Windows applies the suffix for all DNS requests, which means every DNS request done by a Windows user is now effectively hijacked. The consequences of this are significant: Fritz!Box users' internet behavior is now sent directly to an unknown party and they are now prone to phishing attacks. As far as I know the latter hasn't happened yet, but it's bound to happen at some point if this is not resolved as soon as possible.
>
> Besides the security issues, this also has a negative effect on performance when the registered IP address isn't responding to the DNS requests. I myself have experienced Chrome and Slack to be very slow in resolving network requests after starting up my Windows laptop. AVM's response so far has been lacking except for a tweet that the fritz.box domain is in the process of being sold.
Author Public Key
npub1lqkaxye70m3j2udpt6kr07gs9pynqlyddya5yw5zvcxktexm4tasvwdxjj
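
The suffix mechanism the quoted article describes, as an added example that is not part of the original post or the linked article: it lists the names a stub resolver would try for a lookup and flags those that fall under a suffix now delegated in public DNS. It assumes the resolv.conf-style `ndots` search rule used by Unix resolvers (the quote notes that operating systems differ, and this does not model Windows); the function names and sample hostnames are constructed for illustration.

```python
# Added example: resolv.conf-style search-list expansion ("ndots" rule).
# Assumption: Unix stub-resolver behaviour; other OSes order candidates differently.

def candidates(name, search, ndots=1):
    """Return the FQDNs a stub resolver may try for `name`, in order.

    Later candidates are only queried if earlier ones fail to resolve.
    """
    if name.endswith("."):              # trailing dot = absolute, never expanded
        return [name]
    absolute = name + "."
    expanded = [f"{name}.{suffix.strip('.')}." for suffix in search]
    if name.count(".") >= ndots:        # looks qualified: try as-is first
        return [absolute] + expanded
    return expanded + [absolute]        # short name: search list first


def leaks(name, search, registered_suffixes, ndots=1):
    """Candidates that sit under a suffix which is registered in public DNS.

    These are the queries that can be answered by whoever owns that domain
    instead of by the local router.
    """
    zones = [s.strip(".").lower() + "." for s in registered_suffixes]
    hits = []
    for fqdn in candidates(name, search, ndots):
        lowered = fqdn.lower()
        if any(lowered == z or lowered.endswith("." + z) for z in zones):
            hits.append(fqdn)
    return hits


if __name__ == "__main__":
    search_list = ["fritz.box"]         # suffix handed out in the DHCP lease
    public_zones = ["fritz.box"]        # suffix that is now a registered domain
    for host in ["printer", "example.com", "example.com."]:  # constructed names
        print(f"{host!r:16} tries {candidates(host, search_list)}")
        print(f"{'':16} exposed {leaks(host, search_list, public_zones)}")
```

Writing lookups with a trailing dot, or using a search suffix under a domain you control, keeps every candidate out of the flagged list.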