mercredi 28 mars 2007
Par Cedric Pernet le mercredi 28 mars 2007, 15:04 - Security
Here is an article from Zulfikar Ramzan (Symantec) about "drive-by pharming"
The theory behind this name is easy to understand : a user having a broadband router with generic passwords goes to a malicious web page, which manages to change the DNS settings of the router.
If the password has been changed, the user should be safe and not victimized.
If the user still has the generic password on his router, then his DNS settings can be changed, and the pharming starts...
Now it reminds me of a funny (or should I say silly?) story.
I had problems with my personnal Internet connection some time ago. It wasn't a problem on my side, it all came from my ISP, who also provides me with a broadband router (Livebox, not to mention it...)
I wasn't home, my girlfriend called the hotline of this ISP. She explained the problem, and the technician (should I use another word and be mean? Hmmm tempting...) answered they had to check some parameters together.
Here's the talk they had as she told me later on:
Technician: ok, open your Internet Explorer...
Girlfriend: ok, I'm opening Firefox...
Technician: well...hmmm... hmmm... (feeling uneasy) ok... enter "xxx.xxx.xxx.xxx"
Girlfriend: ok, I see a box asking me for my login and password.
Technician: good. Type twice "admin".
Girlfriend: no, this won't work.
Technician: why ??
Girlfriend: Because my boyfriend changed the password.
Technician: ????? why the hell did he do that ?????
Girlfriend: (astonished) well... hmmm... to have some kind of... security ?"
I was grinning when she told me about this call... In the end, my parameters were right, the problem was on the line itself...I won't comment more and say what I think about this kind of "technicians"... ;-)