News:

Happy New Year! Yes, the current one, not a previous one; this is a new post, we swear!

Main Menu

Anti-Phishing Law

Started by drka, October 03, 2005, 12:38:00 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Sidoh

#1
October 03, 2005, 12:43:49 AM
I'm pretty sure if anyone got caught doing something like that they'd be in pretty big trouble, even before that law was passed.

Quik

#2
October 03, 2005, 01:04:09 AM
Phishing is old-hat, pharming is the current issue.
Quote[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Sidoh

#3
October 03, 2005, 01:05:44 AM
Quote from: Quik on October 03, 2005, 01:04:09 AM
Phishing is old-hat, pharming is the current issue.
Pfff, pharming can't touch me.  I don't use domains, I'm all IP baby *touches nipple*

Newby

#4
October 03, 2005, 08:04:47 AM
GO ARNOLD! :p
- Newby
http://www.x86labs.org

Quote[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote from: Rule on June 30, 2008, 01:13:20 PM
Quote from: CrAz3D on June 30, 2008, 10:38:22 AM
I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

drka

#5
October 03, 2005, 06:08:22 PM
Quote from: Quik on October 03, 2005, 01:04:09 AM
Phishing is old-hat, pharming is the current issue.
$100,000 is still a lot of money though :P

also according to wikipedia, pharming is a vulnerability in the DNS Server software. wouldnt that mean that all DNS Servers use the same software? cause that's just plain stupid.

Newby

#6
October 03, 2005, 06:09:58 PM
Quote from: Mangix on October 03, 2005, 06:08:22 PM
pharming is a vulnerability in the DNS Server software. wouldnt that mean that all DNS Servers use the same software? cause that's just plain stupid.

Where are my captain obvious pictures...

It's like a lot of web servers use Apache. Is that stupid too?
- Newby
http://www.x86labs.org

Quote[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote from: Rule on June 30, 2008, 01:13:20 PM
Quote from: CrAz3D on June 30, 2008, 10:38:22 AM
I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

drka

#7
October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasnt it been fixed?

Newby

#8
October 03, 2005, 06:21:55 PM
Do we know?

Perhaps the developers DID fix it, and nobody has applied the patch yet?
- Newby
http://www.x86labs.org

Quote[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote from: Rule on June 30, 2008, 01:13:20 PM
Quote from: CrAz3D on June 30, 2008, 10:38:22 AM
I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

drka

#9
October 03, 2005, 07:02:28 PM
so if it IS fixed, then Pharming wont be an issue anymore :P

Quik

#10
October 03, 2005, 07:31:51 PM
Quote from: Mangix on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasnt it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availablity of hijacking and whatnot.
Quote[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Towelie

#11
October 03, 2005, 07:33:14 PM
what is phishing and pharming ?  I feel stupid :-(

iago

#12
October 03, 2005, 07:41:14 PM
Phishing and Pharming are different issues, and are both important. 

Phishing is sending people (individuals) fake emails telling them to go to a site and put in their credit card number.  They do, and shit happens.  Phishers get trickier and trickier, google the term for more information. 

Pharming is similar to phishing, except instead of sending out emails, you abuse some server along the line to send everybody (or a large number of people) to the fake server. 

Pharming often uses DNS server problems.  There are different DNS softwares, most notably MS's and Bind.  Most servers use Bind.  Bind is a very old, open source much-audited program.  It's had a lot of vulnerabilities found and quickly past, and have always been very good at staying secure.  MS's.. well, they're MS. 

Pharming can also be done by abusing issues in cache servers.  The key words if you want to research further are "HTTP Response Splitting" and "HTTP Response Smuggling".  What they basically do is leave the wrong page in a server's cache.  Then, when somebody else goes through that caching server, they see the wrong page.  Lots of corporations and many ISP's do invisible caching on content, to help ease their bandwidth costs, so you can hit anybody on the OS for certain servers that are vulnerable to response splitting. 

(Just to clarify, the vulnerability isn't in the cache server, it's in the application at the other end)

drka

#13
October 03, 2005, 11:07:41 PM
Quote from: Quik on October 03, 2005, 07:31:51 PM
Quote from: Mangix on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasnt it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availablity of hijacking and whatnot.
if you accually read my post, it said "according to wikipedia". if wikipedia sends out false info, then blame flame the people that made the article for giving out false info.

Quik

#14
October 03, 2005, 11:28:51 PM
Quote from: Mangix on October 03, 2005, 11:07:41 PM
Quote from: Quik on October 03, 2005, 07:31:51 PM
Quote from: Mangix on October 03, 2005, 06:14:05 PM
no. but if it is a vulnerability, then why hasnt it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availablity of hijacking and whatnot.
if you accually read my post, it said "according to wikipedia". if wikipedia sends out false info, then blame flame the people that made the article for giving out false info.

Don't worry, they're just dumbing it down for people like you.

If you want to be technical, it could be a vulnerability in how the software implements and handles the data/traffic etc.
Quote[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny
Print
Go Up Pages1
User actions