Clan x86

General Forums => General Discussion => Topic started by: drka on October 03, 2005, 12:38:00 AM

Title: Anti-Phishing Law
Post by: drka on October 03, 2005, 12:38:00 AM
http://it.slashdot.org/it/05/10/02/1444255.shtml?tid=172&tid=123
Title: Re: Anti-Phishing Law
Post by: Sidoh on October 03, 2005, 12:43:49 AM
I'm pretty sure if anyone got caught doing something like that they'd be in pretty big trouble, even before that law was passed.
Title: Re: Anti-Phishing Law
Post by: Quik on October 03, 2005, 01:04:09 AM
Phishing is old-hat, pharming is the current issue.
Title: Re: Anti-Phishing Law
Post by: Sidoh on October 03, 2005, 01:05:44 AM
Quote from: Quik on October 03, 2005, 01:04:09 AM
Phishing is old-hat, pharming is the current issue.
Pfff, pharming can't touch me.  I don't use domains, I'm all IP baby *touches nipple*
Title: Re: Anti-Phishing Law
Post by: Newby on October 03, 2005, 08:04:47 AM
GO ARNOLD! :p
Title: Re: Anti-Phishing Law
Post by: drka on October 03, 2005, 06:08:22 PM
Quote from: Quik on October 03, 2005, 01:04:09 AM
Phishing is old-hat, pharming is the current issue.
$100,000 is still a lot of money though :P

also according to wikipedia, pharming is a vulnerability in the DNS Server software. wouldn't that mean that all DNS Servers use the same software? cause that's just plain stupid.
Title: Re: Anti-Phishing Law
Post by: Newby on October 03, 2005, 06:09:58 PM
Quote from: Mangix on October 03, 2005, 06:08:22 PM
pharming is a vulnerability in the DNS Server software. wouldn't that mean that all DNS Servers use the same software? cause that's just plain stupid.

Where are my captain obvious pictures...

It's like a lot of web servers use Apache. Is that stupid too?
Title: Re: Anti-Phishing Law
Post by: drka on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasn't it been fixed?
Title: Re: Anti-Phishing Law
Post by: Newby on October 03, 2005, 06:21:55 PM
Do we know?

Perhaps the developers DID fix it, and nobody has applied the patch yet?
Title: Re: Anti-Phishing Law
Post by: drka on October 03, 2005, 07:02:28 PM
so if it IS fixed, then Pharming won't be an issue anymore :P
Title: Re: Anti-Phishing Law
Post by: Quik on October 03, 2005, 07:31:51 PM
Quote from: Mangix on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasn't it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availability of hijacking and whatnot.
Title: Re: Anti-Phishing Law
Post by: Towelie on October 03, 2005, 07:33:14 PM
what is phishing and pharming?  I feel stupid :-(
Title: Re: Anti-Phishing Law
Post by: iago on October 03, 2005, 07:41:14 PM
Phishing and Pharming are different issues, and are both important. 

Phishing is sending people (individuals) fake emails telling them to go to a site and put in their credit card number.  They do, and shit happens.  Phishers get trickier and trickier, google the term for more information. 

Pharming is similar to phishing, except instead of sending out emails, you abuse some server along the line to send everybody (or a large number of people) to the fake server. 

Pharming often uses DNS server problems.  There are different DNS softwares, most notably MS's and Bind.  Most servers use Bind.  Bind is a very old, open source much-audited program.  It's had a lot of vulnerabilities found and quickly past, and have always been very good at staying secure.  MS's.. well, they're MS. 

Pharming can also be done by abusing issues in cache servers.  The key words if you want to research further are "HTTP Response Splitting" and "HTTP Response Smuggling".  What they basically do is leave the wrong page in a server's cache.  Then, when somebody else goes through that caching server, they see the wrong page.  Lots of corporations and many ISPs do invisible caching on content, to help ease their bandwidth costs, so you can hit anybody on the OS for certain servers that are vulnerable to response splitting. 

(Just to clarify, the vulnerability isn't in the cache server, it's in the application at the other end)
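
An added illustration of the response-splitting point in the post above (not part of the original thread or any poster's code): a Python sketch in which a hypothetical redirect handler copies a request parameter into the Location header, shown next to a hardened form that rejects control characters. The function names and sample inputs are constructed for this example; `count_responses` stands in for how a caching proxy frames what it reads from the connection.

```python
import re

# Control characters (CR, LF, NUL, ...) must never appear in a header value.
_CTL = re.compile(r"[\x00-\x1f\x7f]")


def build_redirect_unsafe(target: str) -> bytes:
    """'Before' form: copies the request parameter into Location verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Hardened form: refuse the value if it holds any control character."""
    if _CTL.search(target):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(target)


def count_responses(stream: bytes) -> int:
    """Count the HTTP responses a downstream cache would read from the
    connection, honouring Content-Length the way a proxy does."""
    count = 0
    while stream:
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep or not head.startswith(b"HTTP/1."):
            break
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        count += 1
        stream = rest[length:]
    return count


# Constructed inputs: a normal path, and a value containing CR/LF pairs
# as the handler would see it after URL-decoding.
BENIGN = "/account/home"
SPLIT = ("/x\r\nContent-Length: 0\r\n\r\n"
         "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello")
```

With the unsafe builder the cache sees two responses where the application meant to send one, which is why the fix belongs in the application and not in the cache.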
Title: Re: Anti-Phishing Law
Post by: drka on October 03, 2005, 11:07:41 PM
Quote from: Quik on October 03, 2005, 07:31:51 PM
Quote from: Mangix on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasn't it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availability of hijacking and whatnot.
if you actually read my post, it said "according to wikipedia". if wikipedia sends out false info, then blame flame the people that made the article for giving out false info.
Title: Re: Anti-Phishing Law
Post by: Quik on October 03, 2005, 11:28:51 PM
Quote from: Mangix on October 03, 2005, 11:07:41 PM
Quote from: Quik on October 03, 2005, 07:31:51 PM
Quote from: Mangix on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasn't it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availability of hijacking and whatnot.
if you actually read my post, it said "according to wikipedia". if wikipedia sends out false info, then blame flame the people that made the article for giving out false info.

Don't worry, they're just dumbing it down for people like you.

If you want to be technical, it could be a vulnerability in how the software implements and handles the data/traffic etc.