Talk:Pharming

This article is rated Start-class on Wikipedia's content assessment scale.
It is of interest to the following WikiProjects:

Computer Security: Computing Mid‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

Mid

This article has been rated as Mid-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Computing

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
???	This article has not yet received a rating on the project's importance scale.
	This article has been automatically rated by a bot or other tool because one or more other projects use this class. Please ensure the assessment is correct before removing the `\|auto=` parameter.

Wiki Education Foundation-supported course assignment[edit]

This article was the subject of a Wiki Education Foundation-supported course assignment, between 28 August 2018 and 14 December 2018. Further details are available on the course page. Student editor(s): Mountainrose127.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 06:31, 17 January 2022 (UTC)[reply]

Multiple attack vectors ascribed to pharming[edit]

It appears there are now several, entirely different, scams being referred to as "pharming".

The examples of ebay.de, Panix, etc., are social engineering, whereas "pharming" has also been used to describe an attack on the DNS resolution process itself -- http://www.wired.com/news/infostructure/0,1377,66853,00.html .

-- anonymous

additional attack vectors with external references:

DNS poisoning -- http://www.microsoft.com/athome/security/privacy/pharming.mspx

Host file, wildcards, trojon horse and DNS poisoning -- http://www.wired.com/news/infostructure/0,1377,66853,00.html

DNS poisoning, domain spoofing -- http://reviews.cnet.com/4520-3513_7-5670780-1.html

Drive by pharming and anti-DNS pinning -- www.cs.indiana.edu/pub/techreports/TR641.pdf, http://www.infoworld.com/article/07/02/23/HNsecondgoogledesktopattack_1.html

BGP route poisoning -- http://www.securityfocus.com/columnists/429 (a little too general)

Tanjstaffl 20:33, 12 March 2007 (UTC)[reply]

No need to explain how IP works[edit]

I think that the 1st paragraph of Explanation of Pharming should be removed. It is too basic and already explained in IP address and TCP_IP. At least, it should be cut.

ok

The term "hacker" seams to be used inappropriately though linked correctly. Using "black hat" in the text would make it more difficult to understand and using "cracker" might be unclear, too. I suggest trying to ship around the term in general. -- anonymous

leaves of the internet[edit]

What does "the most vulnerable points of compromise are near the leaves of the internet" mean? This is a little unclear.

This whole section needs a complete rewrite to be more encyclopedic and make more sense. --beefyt (talk) 06:00, 12 January 2009 (UTC)[reply]

Controversy over the term[edit]

perhaps searching for should lead to a dissambiguation page with links relating to cell based cloning protein production (pharming (genetics)) and the drug abuse one (unsure what that actually is anyway but i have heard of it) —Preceding unsigned comment added by 87.198.229.90 (talk) 15:42, 13 February 2009 (UTC)[reply]

I can't find that quote anywhere, except citations to this very article. Should it be removed? --Rotring 12:51, 23 February 2007 (UTC)[reply]

I think Rotring is right.

Now if you click to http://www.antiphishing.org/, the first header is "What is Phishing and Pharming?"

This is clearly an obsolete or possibly fictional quote.

Tanjstaffl 20:39, 12 March 2007 (UTC)[reply]

The lack of a proper citation might argue for its removal, but I am reasonably certain the quote is genuine, and compatible with the APWG's public web presence. PHB is a member of several working groups on web security, and has a slightly bombastic way of making pronouncements. It is entirely plausible that he could have made this comment to that group, and equally so that they might proceed to talk about pharming despite it.

JohnathFeb 20, 2008 —Preceding comment was added at 03:38, 21 February 2008 (UTC)[reply]

Philips routers can be manipulated even when the password has been changed[edit]

It appear that Philips routers are especially vulnerable because they accept cgi commands without a password. For the time being, this is original research (I don't own a Philops router), my source is https://bugzilla.mozilla.org/show_bug.cgi?id=371598 but it appears to me to be a very serious security threat. Andreas ^(T) 17:26, 25 February 2007 (UTC)[reply]

Philips has issued a firmare upgrade that fixes this Andreas ^(T) 01:20, 1 March 2007 (UTC)[reply]

How to protect against pharming[edit]

This section is incorrect, it describes using nslookup to do the lookup, but nslookup does not support reverse lookups in the way described... it is used to find a resolved address for a domain name.

To find the domain name for an ip address use a reverse lookup tool such as the one found here: http://www.zoneedit.com/lookup.html

To find out who owns an IP address use whois from www.arin.net.

Bproven 00:26, 1 March 2007 (UTC)[reply]

I agree the example is useless. If you are being pharmed then your nslookup will provide the same answer as your browser -- you are checking the same compromised DNS source in both cases. You must either direct your query to a trusted DNS server (might be impossible if a rootkit is present) or a valid external source on the web.

Tanjstaffl 19:55, 12 March 2007 (UTC)[reply]

Wrong year?[edit]

2007 should be 2008 for the Mexican Bank incident? —Preceding unsigned comment added by 212.242.152.94 (talk) 00:09, 23 January 2008 (UTC)[reply]

Changed it and added a ref to the article --Jdaskew (talk) 02:13, 23 January 2008 (UTC)[reply]

References section[edit]

Should the two orphaned items in the reference section ("Security: Phishing and Pharming" and "How Can We Stop Phishing and Pharming Scams?") be moved to External Links? They do not appear to be referenced in the article. --Jdaskew (talk) 02:35, 23 January 2008 (UTC)[reply]

Found a good article here: http://www.computereconomics.com/article.cfm?id=1099, this will make a good citation Tanjstaffl(talk) 17:53, 27 February 2010 (UTC)[reply]

External links modified[edit]

Hello fellow Wikipedians,

I have just added archive links to 2 external links on Pharming. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 22:20, 12 February 2016 (UTC)[reply]

External links modified[edit]

Hello fellow Wikipedians,

I have just added archive links to one external link on Pharming. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

Added archive http://web.archive.org/web/20051124105904/http://www.csoonline.com:80/talkback/071905.html to http://www.csoonline.com/talkback/071905.html

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 07:09, 10 March 2016 (UTC)[reply]