Author Topic: Anti-Phishing Law  (Read 5160 times)

0 Members and 1 Guest are viewing this topic.

Offline drka

  • ffdshow > in_mp3.dll
  • Full Member
  • ***
  • Posts: 330
    • View Profile

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Anti-Phishing Law
« Reply #1 on: October 03, 2005, 12:43:49 am »
I'm pretty sure if anyone got caught doing something like that they'd be in pretty big trouble, even before that law was passed.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Anti-Phishing Law
« Reply #2 on: October 03, 2005, 01:04:09 am »
Phishing is old-hat, pharming is the current issue.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Anti-Phishing Law
« Reply #3 on: October 03, 2005, 01:05:44 am »
Phishing is old-hat, pharming is the current issue.
Pfff, pharming can't touch me.  I don't use domains, I'm all IP baby *touches nipple*

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Anti-Phishing Law
« Reply #4 on: October 03, 2005, 08:04:47 am »
GO ARNOLD! :p
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline drka

  • ffdshow > in_mp3.dll
  • Full Member
  • ***
  • Posts: 330
    • View Profile
Re: Anti-Phishing Law
« Reply #5 on: October 03, 2005, 06:08:22 pm »
Phishing is old-hat, pharming is the current issue.
$100,000 is still a lot of money though :P

also according to wikipedia, pharming is a vulnerability in the DNS Server software. wouldnt that mean that all DNS Servers use the same software? cause that's just plain stupid.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Anti-Phishing Law
« Reply #6 on: October 03, 2005, 06:09:58 pm »
pharming is a vulnerability in the DNS Server software. wouldnt that mean that all DNS Servers use the same software? cause that's just plain stupid.

Where are my captain obvious pictures...

It's like a lot of web servers use Apache. Is that stupid too?
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline drka

  • ffdshow > in_mp3.dll
  • Full Member
  • ***
  • Posts: 330
    • View Profile
Re: Anti-Phishing Law
« Reply #7 on: October 03, 2005, 06:14:05 pm »
no. but if it is a vulnerability, then why hasnt it been fixed?

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Anti-Phishing Law
« Reply #8 on: October 03, 2005, 06:21:55 pm »
Do we know?

Perhaps the developers DID fix it, and nobody has applied the patch yet?
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline drka

  • ffdshow > in_mp3.dll
  • Full Member
  • ***
  • Posts: 330
    • View Profile
Re: Anti-Phishing Law
« Reply #9 on: October 03, 2005, 07:02:28 pm »
so if it IS fixed, then Pharming wont be an issue anymore :P

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Anti-Phishing Law
« Reply #10 on: October 03, 2005, 07:31:51 pm »
no. but if it is a vulnerability, then why hasnt it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availablity of hijacking and whatnot.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Towelie

  • pwnstar
  • x86
  • Hero Member
  • *****
  • Posts: 4873
    • View Profile
Re: Anti-Phishing Law
« Reply #11 on: October 03, 2005, 07:33:14 pm »
what is phishing and pharming ?  I feel stupid :-(

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Anti-Phishing Law
« Reply #12 on: October 03, 2005, 07:41:14 pm »
Phishing and Pharming are different issues, and are both important. 

Phishing is sending people (individuals) fake emails telling them to go to a site and put in their credit card number.  They do, and shit happens.  Phishers get trickier and trickier, google the term for more information. 

Pharming is similar to phishing, except instead of sending out emails, you abuse some server along the line to send everybody (or a large number of people) to the fake server. 

Pharming often uses DNS server problems.  There are different DNS softwares, most notably MS's and Bind.  Most servers use Bind.  Bind is a very old, open source much-audited program.  It's had a lot of vulnerabilities found and quickly past, and have always been very good at staying secure.  MS's.. well, they're MS. 

Pharming can also be done by abusing issues in cache servers.  The key words if you want to research further are "HTTP Response Splitting" and "HTTP Response Smuggling".  What they basically do is leave the wrong page in a server's cache.  Then, when somebody else goes through that caching server, they see the wrong page.  Lots of corporations and many ISP's do invisible caching on content, to help ease their bandwidth costs, so you can hit anybody on the OS for certain servers that are vulnerable to response splitting. 

(Just to clarify, the vulnerability isn't in the cache server, it's in the application at the other end)

Offline drka

  • ffdshow > in_mp3.dll
  • Full Member
  • ***
  • Posts: 330
    • View Profile
Re: Anti-Phishing Law
« Reply #13 on: October 03, 2005, 11:07:41 pm »
no. but if it is a vulnerability, then why hasnt it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availablity of hijacking and whatnot.
if you accually read my post, it said "according to wikipedia". if wikipedia sends out false info, then blame flame the people that made the article for giving out false info.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Anti-Phishing Law
« Reply #14 on: October 03, 2005, 11:28:51 pm »
no. but if it is a vulnerability, then why hasnt it been fixed?

You know, MyndFyre used to have a message in his signature about killing all stupid people. This would be the solution to your problem.

No, but really. It's not a vulnerability in the software, afaik, but the way that type of thing has been implemented. iago knows this subject more than I do, but it has to do with the availablity of hijacking and whatnot.
if you accually read my post, it said "according to wikipedia". if wikipedia sends out false info, then blame flame the people that made the article for giving out false info.

Don't worry, they're just dumbing it down for people like you.

If you want to be technical, it could be a vulnerability in how the software implements and handles the data/traffic etc.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny