Pharming a Scary Harvest - Protecting Yourself
(Page 4 of 4 )
Fortunately, protection against a drive-by pharming attack is even simpler than the attack itself. All you need to do is change the password on your router from something other than the default. Ramzan notes that three of the most common home wireless routers are made by D-Link, Linksys, and Netgear; a quick Google search turns up a number of pages that explain how to change the default password on these routers.
If you are at a site that you think is a pharming site and you run Windows, Wikipedia recommends the following procedure to check: from the Start menu, choose Run..., type command (or cmd) and press Enter. Then, to look up the IP address, type nslookup 123.45.67.89 and press enter, replacing the numbers with the IP address of the questionable site. If the domain name that the command returns looks correct, then it is probably a legitimate site. Obviously, you need to know the IP address of the site you're on, and there are ways to discover this. Pinging the site is one; there are also sites online where you can paste the URL into a text box, hit return, and get back the site's IP address.
As I pointed out in an earlier section, another way to protect yourself against pharming is by using secure connections with the https:// prefix when you are visiting sites at which you access private and sensitive information. This includes credit card sites, banking sites, tax-related sites, and/or any sites at which you would hand over personal information such as your credit card number.
There have also been attempts to fight pharming through legislation. Two years ago, Senator Patrick Leahy (D-VT) introduced the Anti-Phishing Act of 2005. The bill as worded would have covered both phishing and pharming. If passed, the bill would have imposed a five-year prison sentence and/or fines on those who execute phishing attacks and induce their victims to give up "any means of identification." The bill was referred to the Subcommittee on Crime, Terrorism, and Homeland Security on May 10, 2005, where it died in committee.
Given the level of success that legislation has had, the technical means of blocking phishing and pharming are a bit more certain (so long as you remember that spam filters, spyware blockers, and antivirus software won't help you with this particular menace). These are simply additional steps you need to take to safeguard yourself and your identity online.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
