|WikiProject Computer Security / Computing|
Multiple attack vectors ascribed to pharming
It appears there are now several, entirely different, scams being referred to as "pharming".
The examples of ebay.de, Panix, etc., are social engineering, whereas "pharming" has also been used to describe an attack on the DNS resolution process itself -- http://www.wired.com/news/infostructure/0,1377,66853,00.html .
additional attack vectors with external references:
DNS poisoning -- http://www.microsoft.com/athome/security/privacy/pharming.mspx
Host file, wildcards, trojon horse and DNS poisoning -- http://www.wired.com/news/infostructure/0,1377,66853,00.html
DNS poisoning, domain spoofing -- http://reviews.cnet.com/4520-3513_7-5670780-1.html
Drive by pharming and anti-DNS pinning -- www.cs.indiana.edu/pub/techreports/TR641.pdf, http://www.infoworld.com/article/07/02/23/HNsecondgoogledesktopattack_1.html
BGP route poisoning -- http://www.securityfocus.com/columnists/429 (a little too general)
Tanjstaffl 20:33, 12 March 2007 (UTC)
No need to explain how IP works
The term "hacker" seams to be used inappropriately though linked correctly. Using "black hat" in the text would make it more difficult to understand and using "cracker" might be unclear, too. I suggest trying to ship around the term in general. -- anonymous
leaves of the internet
What does "the most vulnerable points of compromise are near the leaves of the internet" mean? This is a little unclear.
- This whole section needs a complete rewrite to be more encyclopedic and make more sense. --beefyt (talk) 06:00, 12 January 2009 (UTC)
Controversy over the term
perhaps searching for should lead to a dissambiguation page with links relating to cell based cloning protein production (pharming (genetics)) and the drug abuse one (unsure what that actually is anyway but i have heard of it) —Preceding unsigned comment added by 220.127.116.11 (talk) 15:42, 13 February 2009 (UTC)
I can't find that quote anywhere, except citations to this very article. Should it be removed? --Rotring 12:51, 23 February 2007 (UTC)
I think Rotring is right.
Now if you click to http://www.antiphishing.org/, the first header is "What is Phishing and Pharming?"
This is clearly an obsolete or possibly fictional quote.
Tanjstaffl 20:39, 12 March 2007 (UTC)
The lack of a proper citation might argue for its removal, but I am reasonably certain the quote is genuine, and compatible with the APWG's public web presence. PHB is a member of several working groups on web security, and has a slightly bombastic way of making pronouncements. It is entirely plausible that he could have made this comment to that group, and equally so that they might proceed to talk about pharming despite it.
Philips routers can be manipulated even when the password has been changed
It appear that Philips routers are especially vulnerable because they accept cgi commands without a password. For the time being, this is original research (I don't own a Philops router), my source is https://bugzilla.mozilla.org/show_bug.cgi?id=371598 but it appears to me to be a very serious security threat. Andreas (T) 17:26, 25 February 2007 (UTC)
How to protect against pharming
This section is incorrect, it describes using nslookup to do the lookup, but nslookup does not support reverse lookups in the way described... it is used to find a resolved address for a domain name.
To find the domain name for an ip address use a reverse lookup tool such as the one found here: http://www.zoneedit.com/lookup.html
To find out who owns an IP address use whois from www.arin.net.
Bproven 00:26, 1 March 2007 (UTC)
I agree the example is useless. If you are being pharmed then your nslookup will provide the same answer as your browser -- you are checking the same compromised DNS source in both cases. You must either direct your query to a trusted DNS server (might be impossible if a rootkit is present) or a valid external source on the web.
Tanjstaffl 19:55, 12 March 2007 (UTC)
Should the two orphaned items in the reference section ("Security: Phishing and Pharming" and "How Can We Stop Phishing and Pharming Scams?") be moved to External Links? They do not appear to be referenced in the article. --Jdaskew (talk) 02:35, 23 January 2008 (UTC)
Found a good article here: http://www.computereconomics.com/article.cfm?id=1099, this will make a good citation Tanjstaffl(talk) 17:53, 27 February 2010 (UTC)