Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
E-mails from Nigeria asking for your help in transferring money. Important information about compromised bank accounts.
While the scams that daily flood our e-mail in-boxes show no signs of abating, there is some good news for the users who have to sort through them all. So says VeriSign in its latest "State of Internet Security" address covering the first three months of 2005.
Pharming, also known as DNS spoofing because it fools the domain-name system, is an alternative technique that tries to direct users to a fake Web site even when the correct address is entered into a browser. "It's as if you looked up a number in the phone book," says Phillip Hallan-Baker, a Web security expert at Verisign, "but someone somehow changed the number, managed to swap the phone book on you."
VeriSign's report lists ways to lock down DNS infrastructure to shut down pharming. It encourages administrators to upgrade their DNS software and to install cryptography solutions. Hallan-Baker feels that pharming attacks that depend on cached information could be eliminated fairly easily. Pharming attacks infrastructure, so the company in charge of that segment could prevent further attacks by upgrading necessary components.