Pharming Security

PHARMING-- BY request of one my reader,i am trying to explain what is Pharming.Due to short of time i cant explain all about pharming.
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.


If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates.


For example, in January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name.


Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage.

Computer Hackers and Predators


How computer hackers and predators are threat for your computer security?

People with bad mind, not the computers, create computer threats. Computer predators victimize unaware people for their gain.  A predator having access to the Internet is exponentially bigger threat to your PC than the others. Computer hackers and predators are unauthorized users who break into others computer systems to steal, change or destroy valuable information, often by installing dangerous and harmful malware without your knowledge. The use of clever tactics and detailed technical knowledge help them to access the information you really don’t want to let them know.
What computer hackers and predators do to find you?
Everyone who uses a computer with a Internet connection is susceptible by the threats of computer hackers and predators. These online demons mainly use spam emails or instant messages, phishing scams, and bogus Web sites (fake or duplicate webpage which almost look like the original) to deliver dangerous and harmful malware to the computer and disable your computer security. They will also try to access your computer and thus your private information directly if you had not taken protection by configuring your firewall. They can also peruse your personal Web page or monitor your chat room conversations. Generally by using a fake identity, predators can fool you and make you into revealing sensitive personal and financial information.
Be aware: computer hackers and predators can do the following things to you.
With the help of malware transmitted by the hacker, he can get your personal as well as financial information without your knowledge. Then he can use this information for his benefit and it will harm you in the aspect of loss of money as well as private information and data. In either case, they may:
•    Know your usernames and passwords and will change it or use it according to him.
•    Using your info they can open credit card and bank accounts in your name
•    Steal your money and Ruin your credit
•    additional credit cards  or Request new account Personal Identification Numbers (PINs) o
•    Make purchases form offline stores.
•    Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
•    Obtain cash advances from your credit card
•     Abuse your Social Security number
•    Sell your information to such person who will use it for illegal purposes
Especially predators can pose a serious physical threat. Be extremely cautious when agreeing to meet an online “friend” or acquaintance in person.
Ways to know that are you in the net or not?
Regularly check the accuracy of your personal accounts, credit cards bills and other documents. Are there any unexplained transactions?
Questionable or unauthorized changes?
 If so, the dangerous and harmful malware is already installed by predators or hackers in your computer.
What can I do about computer hackers and predators?
Read as much as possible about the articles on computer security threats on this blog and increase our knowledge about this. Although Hackers and predators pose equally serious and but very different threats you will wiser enough to avoid their tricks.
To protect your computer from hackers and predators:
•    Regularly check the accuracy of your personal accounts and deal with any discrepancies instantly.
•    Use extreme caution when entering any chat rooms or posting on personal Web pages
•    Put a limit on the personal information you post on a personal Web pages
•    Carefully monitor requests  on social networking sites by online “friends” or acquaintances for predatory behavior
•    Keep personal and financial information out of any type of online conversations
Take these steps to protect your computer from hackers right away:
•    Switch to 2 way firewall.
•    Update your operating system on regular basis.
•    Increase your browser security settings.
•    Only download software from trusted sites you trust.
•    First carefully evaluate free software then use and do same in the case of file-sharing applications before downloading them.
•    Practice safe email protocol.
•    Don't respond messages from unknown senders, even don’t open it.
•    Immediately delete messages you suspect to be spam.
•    Make sure that you have the best internet security products installed on your computer.
•    Always use antivirus protection
•    Also Get antispyware software protection
An unprotected computer is a like a free gift for computer hackers and predators. To protect your computer from hackers and predators also use a spam filter or gateway to scan inbound email or IM messages. While free anti-spyware and antivirus downloads are widely available, they just can’t keep up with the continuous onslaught of new malware strains due to their limited functionality. Previously undetected forms of malware can often do the most damage, so it’s necessary to have up-to-the-minute updated and guaranteed protection.

How to Avoid Phishing Scams

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce is very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.

* Be suspicious of any email with urgent requests for personal financial information
o unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed'
o phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
o they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
o phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
* Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle
o instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser
* Avoid filling out forms in email messages that ask for personal financial information
o you should only communicate information such as credit card numbers or account information via a secure website or the telephone
* Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
o Phishers are now able to 'spoof,' or forge BOTH the "https://" that you normally see when you're on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
o Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a 'safe' site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
* Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?" Be aware of where you are going.
* Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
o The newer version of Internet Explorer version 7 includes this tool bar as does FireFox version 2
o EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users - download at http://www.earthlink.net/earthlinktoolbar
* Regularly log into your online accounts
o don't leave it for as long as a month before you check each account
* Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate
o if anything is suspicious or you don't recognize the transaction, contact your bank and all card issuers
* Ensure that your browser is up to date and security patches applied
* Always report "phishing" or “spoofed” e-mails to the following groups:
o use the form on this page or forward the email to reportphishing@antiphishing.org
o forward the email to the Federal Trade Commission at spam@uce.gov
o forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
o when forwarding spoofed messages, always include the entire original email with its original header information intact
o notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/