Talk:Pharming

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.
 
WikiProject Computing  
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 

Multiple attack vectors ascribed to pharming[edit]

It appears there are now several, entirely different, scams being referred to as "pharming".

The examples of ebay.de, Panix, etc., are social engineering, whereas "pharming" has also been used to describe an attack on the DNS resolution process itself -- http://www.wired.com/news/infostructure/0,1377,66853,00.html .

-- anonymous

additional attack vectors with external references:

DNS poisoning -- http://www.microsoft.com/athome/security/privacy/pharming.mspx

Host file, wildcards, trojon horse and DNS poisoning -- http://www.wired.com/news/infostructure/0,1377,66853,00.html

DNS poisoning, domain spoofing -- http://reviews.cnet.com/4520-3513_7-5670780-1.html

Drive by pharming and anti-DNS pinning -- www.cs.indiana.edu/pub/techreports/TR641.pdf, http://www.infoworld.com/article/07/02/23/HNsecondgoogledesktopattack_1.html

BGP route poisoning -- http://www.securityfocus.com/columnists/429 (a little too general)

Tanjstaffl 20:33, 12 March 2007 (UTC)

No need to explain how IP works[edit]

I think that the 1st paragraph of Explanation of Pharming should be removed. It is too basic and already explained in IP address and TCP_IP. At least, it should be cut.

ok

The term "hacker" seams to be used inappropriately though linked correctly. Using "black hat" in the text would make it more difficult to understand and using "cracker" might be unclear, too. I suggest trying to ship around the term in general. -- anonymous

leaves of the internet[edit]

What does "the most vulnerable points of compromise are near the leaves of the internet" mean? This is a little unclear.

This whole section needs a complete rewrite to be more encyclopedic and make more sense. --beefyt (talk) 06:00, 12 January 2009 (UTC)

Controversy over the term[edit]

perhaps searching for should lead to a dissambiguation page with links relating to cell based cloning protein production (pharming (genetics)) and the drug abuse one (unsure what that actually is anyway but i have heard of it) —Preceding unsigned comment added by 87.198.229.90 (talk) 15:42, 13 February 2009 (UTC)

I can't find that quote anywhere, except citations to this very article. Should it be removed? --Rotring 12:51, 23 February 2007 (UTC)

I think Rotring is right.

Now if you click to http://www.antiphishing.org/, the first header is "What is Phishing and Pharming?"

This is clearly an obsolete or possibly fictional quote.

Tanjstaffl 20:39, 12 March 2007 (UTC)

The lack of a proper citation might argue for its removal, but I am reasonably certain the quote is genuine, and compatible with the APWG's public web presence. PHB is a member of several working groups on web security, and has a slightly bombastic way of making pronouncements. It is entirely plausible that he could have made this comment to that group, and equally so that they might proceed to talk about pharming despite it.

JohnathFeb 20, 2008 —Preceding comment was added at 03:38, 21 February 2008 (UTC)

Philips routers can be manipulated even when the password has been changed[edit]

It appear that Philips routers are especially vulnerable because they accept cgi commands without a password. For the time being, this is original research (I don't own a Philops router), my source is https://bugzilla.mozilla.org/show_bug.cgi?id=371598 but it appears to me to be a very serious security threat.  Andreas  (T) 17:26, 25 February 2007 (UTC)

Philips has issued a firmare upgrade that fixes this  Andreas  (T) 01:20, 1 March 2007 (UTC)

How to protect against pharming[edit]

This section is incorrect, it describes using nslookup to do the lookup, but nslookup does not support reverse lookups in the way described... it is used to find a resolved address for a domain name.

To find the domain name for an ip address use a reverse lookup tool such as the one found here: http://www.zoneedit.com/lookup.html

To find out who owns an IP address use whois from www.arin.net.

Bproven 00:26, 1 March 2007 (UTC)

I agree the example is useless. If you are being pharmed then your nslookup will provide the same answer as your browser -- you are checking the same compromised DNS source in both cases. You must either direct your query to a trusted DNS server (might be impossible if a rootkit is present) or a valid external source on the web.

Tanjstaffl 19:55, 12 March 2007 (UTC)

Wrong year?[edit]

2007 should be 2008 for the Mexican Bank incident? —Preceding unsigned comment added by 212.242.152.94 (talk) 00:09, 23 January 2008 (UTC)

Changed it and added a ref to the article --Jdaskew (talk) 02:13, 23 January 2008 (UTC)

References section[edit]

Should the two orphaned items in the reference section ("Security: Phishing and Pharming" and "How Can We Stop Phishing and Pharming Scams?") be moved to External Links? They do not appear to be referenced in the article. --Jdaskew (talk) 02:35, 23 January 2008 (UTC)

Found a good article here: http://www.computereconomics.com/article.cfm?id=1099, this will make a good citation Tanjstaffl(talk) 17:53, 27 February 2010 (UTC)