Discuss: Pharming on the Net
by Nilesh Chaudhari, CISSP
Hi,
Nice article! I think you have given all the information a regular internet user must be aware of.
Nice article. I wish we could get that SSL dialog spruced up - the one that says the certificate doesn't match. The text is 100% accurate, but unfortunately, it doesn't say anything in user-speak.
If my Grandmother saw that dialog, it wouldn't mean a thing.
In the security world especially, we really need to remember that non-programmers need to understand our warnings.
Imagine if this warning said things like:
* Something is wrong with this site's security [instead of "certificate"]
* You should not proceed if you expect to log in to this site.
* Proceeding is NOT RECOMMENDED as this could be a fake site that steals from you.
That might get a better reaction. From my granny.
Dave, the IE 7 SSL dialog has indeed been changed. Now, instead of a separate message window, the warning is shown inline on the webpage so that the visitor cannot miss the message. Also, the words have been simplified for non-tech-savvy users. Check this screenshot and read more about the SSL improvements on the IE blog.
Insightful post, Nilesh. I started looking for tips / ways to be on alert for web site owners. I am a casual user. My site is essentially a blog of a personal nature. Nothing important. Nothing secretive or needing to be secure. But, as I found out the hard way, my site becomes a potential host for sending out phishing attacks. The web is growing phenomenally, the cost of camouflage is probably getting higher. So, it appears that bloggers and their domains are being used for sending out these attacks unknown to the owners. It happened to me. All the gory details here: http://ckunte.com/archives/2006/03/30/how-did-it-happen/
This is a nightmare for normal website / blog owners. When our sites start doing the illegal activity, without our knowledge, we could face the law. There are other probabilities. There could be employees in a hosting company who may be carrying these out for making some extra bucks. You never could be sure. Just a thought!
Hi Nilesh,
You conveyed the message in a pretty good way.
I'm doing research in the same area at Anna University.
I have a few doubts related to this area.
Is it possible to communicate with you? If so, please send me your ID.
Bye