'Pharming' emerges as online threat

Washington Times ^ | Monday, May 2, 2005 | By Shaun Waterman

[JohnHuang2]

UNITED PRESS INTERNATIONAL

The nation's largest information security institute released its quarterly review of Internet threats today, highlighting the Web's growing vulnerability to a new form of online fraud called "pharming." The review also reveals that, for the first time, some security and anti-virus software is vulnerable to hackers, creating a dangerous high-level back door into users' systems. Analysts say pharming -- the redirecting of Internet users to Web pages without their knowledge -- could be used to obtain banking or other financial-services information.

[backhoe]

Crosslinked to my "general-purpose browser, PC, OS, and tech" post:

Browser Wars, take two

[hummingbird]

WOW! Tons of good reading and links...think I'll put Monday morning chores on hold and do a little reading! (Not a really big sacrifice!)

[adam_az]

Paging the InfoSec pinglist...
Let me know if you want to be 1 or 0. (That's ON or OFF, for those who are not binary-compliant)




More Here

SANS as a good technical reference to the issue here.

"Pharming" is directly a result of the recent DNS Cache Poisoning problems discovered in the Microsoft DNS Server. If your upstream DNS servers *are not* Microsoft, then you don't have much to worry about.... for now. Keep in mind that DNS cache poisoning has affected many other DNS platforms in the past, and will continue to. This is not a new issue, it's over a decade old.

As a good rule of thumb, when you sign in to a "secure" SSL site... make sure that if the SSL server cert makes your browser complain, you take a close look at what's going on.

[backhoe]

Thanks for looking.

[hummingbird]

No, thank YOU...LOL!

Actually, maybe you can help me out. My sister-in-law received an automated voice generated call asking if she would accept a collect call from an inmate or prisoner...someone like that...from jail. The language of the msg intimated that someone she knew was trying to reach her...she hung up. I recall a scam like this a while back. Are you familiar with anything like this?

[backhoe]

I've gotten those, and besides always refusing them ( only blood relatives I remember get allowed collect calls. ), the phone company told me it's common when prisoners get phone time for them to just try random numbers for the annoyance value. But I would not rule out hidden charges with a 'bot-generated call, either.

[hummingbird]

I guess if they have enough recreation time, annoyance calls might be just for giggles. It really spooked my s-i-l and got my "spidey senses" tingling trying to remember what the warning was about these type of calls. Probably an email I got...thanks for your help! If I come across anything, I'll "ping" ya!

[backhoe]

[Red Sea Swimmer]

I reckon bad Speling is an online threat aswell.

No offence to Tori...