Author Topic: "pharming"  (Read 4512 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
"pharming"
« on: March 14, 2005, 02:50:43 pm »
http://www.wired.com/news/infostructure/0,1377,66853,00.html?tw=rss.PRV

Some pretty good information on a newer practice of social engineering called "pharming".

It also discusses something called "DNS Cache Poisoning", which is something I want to do to "bnls.valhallalegends.com" to steal cdkeys and passwords ;)

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: "pharming"
« Reply #1 on: March 14, 2005, 07:02:08 pm »
We've had this conversation before, and it doesn't seem like anything really new. There's a plugin for Firefox that tells you exactly what page you are on. This is helpful if you're on some obscure URL, it tells you the basic yoursite.com location, to prevent such things. Very useful against host editing and redirection attacks.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: "pharming"
« Reply #2 on: March 15, 2005, 03:38:48 am »
I'm unsure if that can get around host editing or dns spoofing, actually.  I'll have to have a look.

The only real way to avoid the problem is to only "trust" authorized https sites (with complete CA certificates issued by a certifier you trust).

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: "pharming"
« Reply #3 on: March 19, 2005, 07:03:43 pm »
Yes. Trust "iago" over "x86labs.org" I say! ;)
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Krazed

  • x86
  • Hero Member
  • *****
  • Posts: 1822
    • View Profile
Re: "pharming"
« Reply #4 on: April 15, 2005, 10:02:22 am »
Quote
"I believe that DNS-poisoning pharmers will become more of a threat this year, as there is money to be made on a large scale here," said Patrick Hinojosa, chief technical officer at Panda Software, a security technology provider.

"If the right domain can be hijacked or the right DNS record poisoned, a group could make off with data that could be used to accomplish huge financial rip-offs. The problem is that the end user sitting at his computer thinks he's at the correct site because he typed the right URL into the browser," Hinojosa said.

Whos in?  :P
It is good to be good, but it is better to be lucky.

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: "pharming"
« Reply #5 on: April 15, 2005, 05:52:10 pm »
I'd be interested in doing something on that large of a scale, Arcon. :p
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny