Sunday, November 28, 2010

How to prevent pharming attacks, and DNS

I had the "privilege" of seeing a scary exploit the other night .....

Basically it was a variation on the idea of 'pharming', where an attacker tries to redirect traffic intended for a legitimate website to a fraudulent one. The most common use of this technique is to redirect traffic destined for an online financial site to a site that collects user names, passwords and other security credentials. There are a number of ways in which this type of attack can be executed.

The first and simplest method is to compromise the hosts file on the victim's PC. The hosts file is a remnant of the ARPANET, the precursor of the Internet, which did not have a domain name system to resolve network names. Instead, each node kept its own list of the other nodes it needed to know about, and that list is what the hosts file contains. An entry in the hosts file overrides the lookup that would otherwise be made through the Domain Name System.

To carry out the attack, the attacker needs to modify the hosts file, which can be achieved by inducing the user to download a small piece of malware onto their computer. The malware then adds an entry to the hosts file mapping the name of the site the attacker is interested in to the false IP address they want the victim directed to.

The second way to run a pharming attack uses a technique called DNS cache poisoning. Here the attacker compromises a DNS server, exploiting a bug in the DNS server software to make the server accept false information. The DNS server will then hand out an incorrect IP address for a particular name, sending users to the attacker's site instead of the genuine one.

The third method uses malicious code to change the DNS settings on your home router; this is called a "drive-by" pharming attack. If you look at your home router's configuration, somewhere in it you will usually find references to a primary and a secondary DNS server. These parameters are normally set according to what your ISP has provided, but even when the ISP has supplied the configuration, the settings can be changed.

In this attack, the hacker changes the DNS settings so that any attempt to resolve a name is sent not to the ISP's DNS server but to a DNS server controlled by the attacker. The attacker can then return whatever address they choose and redirect traffic to a server under their control. So an attempt to reach the NatWest site (www.natwest.com) may result in the user being redirected to a fake server that serves web pages superficially resembling the real site, which allows the attacker to collect the user's online banking credentials.

This attack requires the user to be induced to download some malware onto their PC, either via e-mail or via a compromised website with embedded JavaScript. In many cases it also requires the username and password for the home router's administration interface, but many users never change the defaults, and a quick session with a search engine usually reveals the default username and password for most popular home routers. Alarmingly, there are also a number of home routers out there on which the username/password check for administrative access can be bypassed altogether.
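As an added example (not code from the original post), here is a small Python check in the defender's spirit of the tips that follow: it parses a hosts file for overrides of a watched domain (the first attack above) and compares a router's configured resolvers against the ones the ISP is expected to supply (the third). The hosts content, the watched domain list and all IP addresses are constructed sample values, not real attacker or ISP addresses.

```python
import ipaddress

# Constructed sample hosts file. The second entry is the kind of override a
# pharming attack plants: www.natwest.com is the example name from the post,
# the IP is a documentation-range placeholder, not a real address.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# added by malware
203.0.113.7     www.natwest.com natwest.com
::1             localhost
"""

# Domains we never expect to see resolved by a hosts file (constructed list).
WATCHED = {"natwest.com"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)  # skip malformed lines instead of crashing
        except ValueError:
            continue
        for name in names:
            yield ip, name.lower().rstrip(".")


def hosts_overrides(text, watched=WATCHED):
    """Return (hostname, ip) entries that override a watched domain or a subdomain of it."""
    hits = []
    for ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((name, ip))
    return hits


def rogue_resolvers(configured, expected):
    """Return configured DNS servers that are not in the ISP's expected set."""
    return sorted(set(configured) - set(expected))


if __name__ == "__main__":
    # On Linux the real file is /etc/hosts; on Windows it is
    # %SystemRoot%\System32\drivers\etc\hosts. Read it and pass the text here.
    print(hosts_overrides(SAMPLE_HOSTS))
    # Constructed router settings: what is configured now vs what the ISP provided.
    print(rogue_resolvers(["203.0.113.53", "198.51.100.1"],
                          ["198.51.100.1", "198.51.100.2"]))
```

Any hit from either function is a sign that name resolution has been tampered with and the hosts file or router DNS settings should be restored.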

So, what can you do to protect yourself? Here are some simple tips.

Does the site in the browser look real? If it is something sensitive such as an online banking site, is it using HTTPS (the padlock symbol shown by most browsers)?

If the site uses HTTPS, is there a certificate warning? If you get a certificate warning, you should never proceed.

Does the site seem to be asking for too much information? Most financial institutions ask for an online user name, a password and a few pieces of memorable information. If the site you have connected to wants you to enter all of that information at once, it is not the genuine article. Similarly, if the site you are connected to asks for your whole password when you would normally enter only specified characters from drop-down lists, or click buttons on an on-screen keyboard, it is not the real article.

Change the default administrative user name and password on your home router.

Good luck, and stay safe.
