Pharming Attack Targets Home Router DNS Settings
msm1267 (2804139) writes: Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, usually through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their beginnings with a spam or phishing email. Proofpoint reported on the latest iteration of this attack, based in Brazil. The campaign was carried out during a five-week period starting in December when Proofpoint spotted phishing messages, fewer than 100, sent to customers of one of the country's largest telecommunications companies.
In the life sciences, "Pharming" is using genetically engineered animals, like goats, to produce proteins or other substances, (especially those with pharmaceutical applications).
Example: Genetically engineered goats that produce spider silk proteins in their milk that can then be extracted from it.
see: http://www.bbc.com/news/scienc...
(Warning, possible auto-play)
"They also try to brute force the admin page for the router using known default username-password combinations."
About time to force manufacturers to not have "default" passwords. If 2wire can do it on their amazingly cheap crap, so can others.
At the beginning of last week, I saw a number of fake emails "returned" to my ISP email account. A day or two later, I received a phishing email requesting me to change my password for that email account.
Today, someone tried the same thing for my Microsoft account.
It's more creative than usual, but it is still just a phishing attack, and you can easily spot it by the fake URLs in the phishing emails.
I do not fail; I succeed at finding out what does not work.
Just compromise an ad server with a Flash exploit and you can 0wn tens of thousands within hours.
Whoever thought running executables on random websites was a good idea? More proof that adblock, not user education, is needed for security. Gone are the days when not clicking meant secure.
http://saveie6.com/
"Pharming attacks are ..." yet another stupid buzzword that some guy with a marketing degree thought was cute. For fuck's sake, just call it what it is, traffic redirection, or perhaps traffic hijacking. Everyone will understand just fine. "Pharming" (or farming) doesn't even make any sense in this context. If you insist on coming up with a new name for everything, I heard The Weather Channel is hiring.
Just make sure your hosts file isn't populated with a random bunch of known security software vendors' names like eset, trendmicro, kaspersky, avira or some shit with a loopback to your local before them. I've seen some really screwed up hosts files on my friends' PCs that look like that. I just trash them in favor of one of the well-known complete hosts files that some dudes keep updating around the web... I forget the names of the websites and authors... so... y'know... this advice is a big help lol. I'm sure someone remembers on here...
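The check the comment above describes (security-vendor domains sinkholed to loopback, a classic malware tell) as a small audit script. This is an added example, not code from the original thread: the sample hosts file is constructed, and the vendor list is illustrative, taken from the names the commenter mentions.

```python
"""Audit a hosts file for security-vendor domains pointed at loopback/null addresses.

Constructed example. SAMPLE_HOSTS is made up; SECURITY_VENDOR_DOMAINS is an
illustrative list, not an authoritative one.
"""
import ipaddress
import sys

# Constructed sample: two legitimate ad-blocking entries, then the pattern the
# comment warns about (AV/update domains sinkholed so they never resolve).
SAMPLE_HOSTS = """\
# localhost entries
127.0.0.1   localhost
::1         localhost ip6-localhost
# legitimate ad-blocking entries
0.0.0.0     ads.example-adnetwork.test   # trailing comment
0.0.0.0     tracker.example.test
# suspicious: security vendors pointed at loopback
127.0.0.1   www.eset.com eset.com
127.0.0.1   www.kaspersky.com
0.0.0.0     avira.com
::1         update.trendmicro.com
"""

# Illustrative vendor list (assumption); extend for your own environment.
SECURITY_VENDOR_DOMAINS = ("eset.com", "kaspersky.com", "avira.com", "trendmicro.com")


def parse_hosts(text):
    """Yield (line_number, ip_address, hostnames) for every valid hosts entry.

    Comments (# ...), blank lines and lines whose first field is not an IP
    address are skipped, matching how resolvers treat them.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((lineno, ip, tuple(h.lower() for h in fields[1:])))
    return entries


def is_sinkhole(ip):
    """True for loopback (127/8, ::1) and unspecified (0.0.0.0, ::) targets."""
    return ip.is_loopback or ip.is_unspecified


def matches_vendor(hostname, vendors):
    """Exact match or subdomain of any vendor domain (www.eset.com -> eset.com)."""
    return any(hostname == v or hostname.endswith("." + v) for v in vendors)


def find_sinkholed_vendors(text, vendors=SECURITY_VENDOR_DOMAINS):
    """Return [(line_number, ip, hostname)] for vendor domains mapped to a sinkhole.

    Ad/tracker domains mapped to 0.0.0.0 are not reported: only the vendor
    names are, since blocking those is the malware indicator.
    """
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        if not is_sinkhole(ip):
            continue
        for host in hosts:
            if matches_vendor(host, vendors):
                findings.append((lineno, str(ip), host))
    return findings


if __name__ == "__main__":
    # Usage: python hosts_audit.py [/etc/hosts]; with no argument, audits the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for lineno, ip, host in find_sinkholed_vendors(text):
        print(f"line {lineno}: {host} -> {ip}  (security vendor sinkholed)")
```

Run it against `/etc/hosts` (or `C:\Windows\System32\drivers\etc\hosts`) on a machine you suspect; a clean file produces no output, while the constructed sample reports five entries.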
hmm, if a web page's JS asks to visit the gateway's home page, then it can log in with the default pass.
Note to self, put an actual pass there.
My bad.
As usual, bugs are obvious after you see them.
Given a gateway login, the web page can pretty much do whatever it wishes.
Adjust DNS to a more hacker-friendly sequence, sure.
Permit remote configuration, sure.
Update the code to a more friendly codebase, sure.
Mirror my traffic to Utah, sure.
One doesn't usually think about protecting things behind the firewall, but if useful web pages include the ability to run code with net access, then things behind the firewall are not necessarily friendly. Seems like, for Joe Sixpack, this web secure thing is fundamentally broken. For someone with a clue, fixable, but broken out of the box.
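The failure the comment above walks through (a page on another site drives the victim's browser to the gateway, authenticates with the default password, and rewrites DNS) modeled as a router admin endpoint in two versions: the one that accepts such a request and a hardened one that refuses it. This is an added example written for this page, not firmware from any real router and not the commenter's code; the gateway address, the default-credential set and the attacker DNS address are assumptions, and everything runs in memory.

```python
"""Model of a home-router 'set DNS' admin endpoint, vulnerable vs hardened.

Constructed example: Router, Request, credentials and addresses are simulated;
nothing here talks to real hardware.
"""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field

ROUTER_ORIGIN = "http://192.168.1.1"                  # assumed gateway address
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "")}  # illustrative
ATTACKER_DNS = "203.0.113.53"                         # TEST-NET-3 placeholder


@dataclass
class Request:
    method: str
    headers: dict
    form: dict


@dataclass
class Router:
    username: str = "admin"
    password: str = "admin"                           # factory default until changed
    dns_servers: tuple = ("192.168.1.1",)
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    sessions: set = field(default_factory=set)


def vulnerable_set_dns(router, req):
    """Before: any request carrying the right credentials is honoured, no
    matter which page the browser was on when it sent it."""
    if (req.form.get("user"), req.form.get("pass")) != (router.username, router.password):
        return "401"
    router.dns_servers = tuple(req.form.get("dns", "").split(","))
    return "200"


def csrf_token(router, session_id):
    """Token bound to the session with a router-side secret, so a foreign page
    that cannot read the admin UI cannot produce it."""
    return hmac.new(router.secret, session_id.encode(), hashlib.sha256).hexdigest()


def hardened_login(router, user, password):
    """Return (session_id, csrf_token), or None. Factory-default credentials are
    refused outright: the owner must set a real password before admin
    functions open up."""
    if (user, password) != (router.username, router.password):
        return None
    if (user, password) in DEFAULT_CREDENTIALS:
        return None
    sid = secrets.token_hex(16)
    router.sessions.add(sid)
    return sid, csrf_token(router, sid)


def hardened_set_dns(router, req):
    """After: same-origin POST, live session, matching CSRF token, valid IPs only."""
    if req.method != "POST":
        return "405"
    origin = req.headers.get("Origin") or req.headers.get("Referer") or ""
    if origin != ROUTER_ORIGIN and not origin.startswith(ROUTER_ORIGIN + "/"):
        return "403 cross-site"
    cookie = req.headers.get("Cookie", "")
    sid = cookie[len("session="):] if cookie.startswith("session=") else ""
    if sid not in router.sessions:
        return "401"
    if not hmac.compare_digest(req.form.get("csrf", ""), csrf_token(router, sid)):
        return "403 bad-csrf"
    try:
        servers = tuple(str(ipaddress.ip_address(s.strip())) for s in req.form.get("dns", "").split(","))
    except ValueError:
        return "400"
    router.dns_servers = servers
    return "200"


def cross_site_attempt(handler, router):
    """The request a page on an unrelated site can make the victim's browser
    send to the gateway, using the default password, as the comment describes."""
    req = Request("POST", {"Origin": "http://evil.example"},
                  {"user": "admin", "pass": "admin", "dns": ATTACKER_DNS})
    return handler(router, req)


def demo():
    """Run the same cross-site request against both handlers, then a legitimate
    same-origin change on a router whose password was changed from the default."""
    r1, r2 = Router(), Router()
    vuln = cross_site_attempt(vulnerable_set_dns, r1)
    hard = cross_site_attempt(hardened_set_dns, r2)
    r3 = Router(password="correct horse battery staple")
    sid, tok = hardened_login(r3, "admin", "correct horse battery staple")
    legit = hardened_set_dns(r3, Request("POST", {"Origin": ROUTER_ORIGIN, "Cookie": "session=" + sid},
                                         {"dns": "9.9.9.9, 1.1.1.1", "csrf": tok}))
    return {"vulnerable": (vuln, r1.dns_servers),
            "hardened_cross_site": (hard, r2.dns_servers),
            "hardened_legit": (legit, r3.dns_servers)}


if __name__ == "__main__":
    for name, (status, dns) in demo().items():
        print(f"{name:20s} status={status:15s} dns={dns}")
```

The three checks in `hardened_set_dns` are independent: the Origin/Referer check alone stops the cross-site case the comment describes, the session-bound token stops a request replayed from a page that somehow shares the origin, and refusing default credentials at login removes the "known default username-password" foothold the article mentions even if the other two are bypassed.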
"Just make sure your hosts file isn't populated with a random bunch of known security software vendors' names like eset, trendmicro, kaspersky, avira or some shit with a loopback to your local before them." - by Guy From V (1453391) on Sunday March 01, 2015 @02:35PM (#49159449) Homepage
By whitelisting in APK Hosts File Engine 9.0++ SR-1 32/64-bit http://start64.com/index.php?o... vs. adding these as FALSE POSITIVES:
1.) AntiVirus vendors
2.) AntiMalware vendors
3.) AntiSpyware vendors
4.) Firewall vendors
5.) Search Engines
6.) Security Blogs &/or websites
7.) OS Updaters
8.) Program Updaters (per the 1st 4 above)
9.) AntiSpam sites
10.) AntiPhishing sites
11.) Developer pages
12.) Email login pages
13.) Major Portals
(etc. - et al)
* It just works vs. blocking them erroneously...
APK
P.S.=> It's one of the features I added in the "SR-1" (service release 1) this round... apk
APK Hosts File Engine 9.0++ SR-1 32/64-bit:
http://start64.com/index.php?o...
FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. addons + fixes DNS' redirect security issues:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/... )
2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
3.) Request Policy -> http://yro.slashdot.org/commen...
B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).
C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity
D.) Hosts files yield more:
1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
3.) Reliability (vs. downed, Kaminsky redirected (99% ISP DNS' = unpatched vs. it), DGA, Fastflux, & dynDNS botnets)
4.) Anonymity (vs. dns request logs + dnsbl's).
---
* Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w/ 45++ yrs. of optimization).
* Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.
* Addons slow up slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)
(Instead, work w/ a more capable native kernelmode part you already have - hosts (An integrated part of the ip stack))
APK
P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"
...apk
Can adblock do 16 things hosts do for speed, security, & reliability:
1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
2.) Protect vs. fastflux botnets + stop communication to C&C servers
3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
4.) Protect vs. DGA botnets + stop communication to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phishing
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage
* ANSWER ="NO" to each above on AdBlock doing it as well or at all!
APK
P.S.=> AdBlock does FAR less than hosts do & FAR less efficiently - hosts by way of comparison, do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):
AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...
AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).
For the BEST hosts file?
APK Hosts File Engine 9.0++ SR-1 32/64-bit -> http://start64.com/index.php?o...
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...
... apk
Result? W. Palant RAN after he wrote me by email 1st saying "hosts are a shitty solution" to which I replied:
"Show us adblock can do more for added speed, security, reliability, & anonymity than hosts can, + that adblock does it more efficiently than hosts"
Which on my latter 'point-in-challenge' on efficiency AdBlock's proven by research to be MASSIVELY inefficient -> https://blog.mozilla.org/nneth... & adblock does FAR less than hosts (especially crippled by default).
I sent Wladimir Palant that challenge in response to his statement from 2 different email addresses I use!
Result = Still no answer from him in regard to my challenge put to him to this very day MONTHS later - that tell you anything? It did me!
He knows his addon is less efficient & features laden by FAR vs. hosts - Wladimir Palant RAN like a scared rabbit!
ClarityRay's also DESTROYING AdBlock - via native browser methods to DUMP what addons you use (it can't DO THAT to hosts files).
I only tell it how it is on hosts' superiority vs. AdBlock - Funny part is, Wladimir Palant running does too!
Especially considering "Almost ALL Ads Blocked" has 'souled-out' -> Google & Others Pay Adblock Plus To Show You Ads Anyway: http://news.slashdot.org/comme... & ABP too http://finance.yahoo.com/news/...
APK
P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privilege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk