Wednesday, March 02, 2005

identity theft made even easier

Alarm over pharming attacks:
By Robert Vamosi
“Hopefully, we've all become wise to phishing attacks, so named because they cast the bait (via e-mail) and if you bite, they can lure your personal information out of you. These scams are now fairly recognizable and usually arrive as a note from a bank asking you to go to its site (link provided, of course) to reenter your most personal information. The fact that a bank wouldn't really need your mother's maiden name might tip you off. Most likely, though, you spot the misspellings in this bogus e-mail, or you're otherwise savvy to the identity theft scam and immediately trash these messages unread.

So what if I told you phishing is just kid stuff compared to what's coming next?

Pharming is simply a new name for a relatively old concept: domain spoofing. Rather than spamming you with e-mail requests, pharmers work quietly in the background, "poisoning" your local DNS server by redirecting your Web request somewhere else. As far as your browser's concerned, you're connected to the right site. The danger here is that you no longer have to click an e-mail link to hand over your personal information to identity thieves.

To understand pharming, you need a little background on DNS. Throughout the Internet, a series of domain name servers (DNS) quietly resolve the familiar addresses you type into specific Internet addresses. These servers are basically large directories of common names such as Amazon, Google, and Microsoft, and IP-specific addresses that you never see. For example, if you type www.cnet.com, this request goes to your nearest DNS server, which then locates the registered Internet address for the Web server at CNET Networks. It's much more convenient than always remembering 222.123.0.0 or something similar.

However, this translation is also a weak link in the Internet's infrastructure. With every Internet request first bouncing off a DNS server somewhere on the planet, criminal hackers realized (some time ago) that rather than flooding a specific domain and effectively hiding it from the rest of the world (in what's known as a denial-of-service attack), they can either change the DNS record or take down the DNS system altogether.

DNS poisoning is a whole different kettle of fish (so to speak), and much more subtle than what I just described. When a cracker poisons a DNS server, he or she changes the specific record for a domain, sending you to a Web site very different from the one you intended to access--without your knowledge. Usually, the cracker does this by posing as an official who has the authority to change the destination of a domain name. DNS poisoning is also possible via software vulnerability, however. A white paper by Joe Stewart from the security company Lurhq and published on SecurityFocus offers more about DNS poisoning, including its history.

In January of 2005, someone fraudulently changed the DNS address for the domain panix.com, a New York State Internet service provider. Ownership of the company was changed from New York to Australia. Requests to reach the panix.com server were redirected to the United Kingdom, and e-mail was redirected to Canada. State and federal authorities are currently investigating this case.

Prior to that, in September 2004, a teenager in Germany managed to hijack the domain for eBay.de. I could go on. Other attacks have targeted Amazon.com and Google.com. There were no immediate reports of identity theft resulting from these specific events.”

http://reviews.cnet.com/4520-3513_7-5670780-1.html?tag=nl.e501
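The article describes a poisoned record in abstract terms. The following toy model is an added illustration (not code from the CNET article or from this blog) of the mechanism behind the "software vulnerability" path it mentions: a caching resolver that trusts any record in a response whose transaction ID matches a pending query can have an entry for an unrelated domain planted in its cache, so that lookups for that domain quietly return an attacker's address. Beside it is a resolver with the checks a hardened implementation applies before caching: the response must arrive on the randomised source port the query left from, must answer the question actually asked, and may only carry records inside the bailiwick of the server queried. The wire format is simplified to Python objects, and the domain names and addresses (RFC 5737 test ranges) are constructed for the example.

```python
"""Toy model of a caching DNS resolver and a forged response.

Constructed illustration: not real DNS wire format, and all names and
addresses are made up. It shows how a naive resolver caches out-of-zone
records slipped into an otherwise truthful reply, and how a hardened
resolver's port, question and bailiwick checks reject them.
"""
from dataclasses import dataclass, field
import random


@dataclass
class Query:
    txid: int       # 16-bit transaction ID the response must echo
    src_port: int   # UDP source port the response must be addressed to
    qname: str      # name we asked about
    zone: str       # zone the server we asked is authoritative for


@dataclass
class Record:
    name: str
    ip: str


@dataclass
class Response:
    txid: int
    dst_port: int
    qname: str
    answers: list                                     # Records for qname
    additional: list = field(default_factory=list)    # "helpful" extra Records


def in_bailiwick(name: str, zone: str) -> bool:
    """A record is in bailiwick if its name is the zone itself or lies under it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class NaiveResolver:
    """Caches every record of any response whose TXID matches a pending query.

    Always sends from port 53, so an attacker need only guess the 16-bit TXID.
    """

    def __init__(self):
        self.cache = {}     # name -> ip
        self.pending = {}   # txid -> Query

    def send_query(self, qname, zone, txid=None):
        if txid is None:
            txid = random.randrange(1 << 16)
        q = Query(txid, 53, qname, zone)
        self.pending[q.txid] = q
        return q

    def accept(self, q, r):
        return True                     # only the TXID was checked in receive()

    def keep(self, q, rec):
        return True                     # trust every record in the reply

    def receive(self, r):
        """Return True if the response was accepted (and its records cached)."""
        q = self.pending.get(r.txid)
        if q is None or not self.accept(q, r):
            return False
        for rec in r.answers + r.additional:
            if self.keep(q, rec):
                self.cache[rec.name.lower()] = rec.ip
        del self.pending[r.txid]
        return True

    def lookup(self, name):
        return self.cache.get(name.lower())


class HardenedResolver(NaiveResolver):
    """Random source port; response must match the question; bailiwick rule applied."""

    def send_query(self, qname, zone, txid=None):
        if txid is None:
            txid = random.randrange(1 << 16)
        q = Query(txid, random.randrange(1024, 1 << 16), qname, zone)
        self.pending[q.txid] = q
        return q

    def accept(self, q, r):
        # Must be addressed to the port we sent from and answer our question.
        return r.dst_port == q.src_port and r.qname.lower() == q.qname.lower()

    def keep(self, q, rec):
        # The server for example.test has no authority to speak for bank.test.
        return in_bailiwick(rec.name, q.zone)


def poisoning_demo(resolver):
    """Victim asks example.test's server for www.example.test. The attacker's forged
    reply (TXID and port assumed guessed correctly) answers truthfully but adds a
    record for an unrelated bank domain pointing at the attacker's server.
    Returns what the cache holds for both names afterwards."""
    q = resolver.send_query("www.example.test", "example.test", txid=0x1234)
    forged = Response(
        txid=q.txid, dst_port=q.src_port, qname="www.example.test",
        answers=[Record("www.example.test", "192.0.2.10")],        # genuine-looking
        additional=[Record("www.bank.test", "198.51.100.66")],     # attacker's host
    )
    resolver.receive(forged)
    return {"example": resolver.lookup("www.example.test"),
            "bank": resolver.lookup("www.bank.test")}


def fixed_port_guess_accepted(resolver):
    """Attacker guesses the TXID but assumes the classic fixed source port 53."""
    q = resolver.send_query("www.example.test", "example.test", txid=0x1234)
    forged = Response(q.txid, 53, "www.example.test",
                      [Record("www.example.test", "198.51.100.66")])
    return resolver.receive(forged)
```

Against the naive resolver the forged reply plants the bank record, so every later lookup of www.bank.test from every client behind that cache returns the attacker's address with no e-mail link involved, which is exactly the quiet redirection the article calls pharming. The hardened resolver keeps the genuine www.example.test answer, discards the out-of-bailiwick record, and rejects outright any reply that is not addressed to the randomised source port, which multiplies the attacker's guessing space well beyond the 16-bit transaction ID.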
