Sunday, March 4, 2012

How do you protect yourself against phishing?

I'm getting nervous about this phishing. I mean I'm not stupid enough to just click on any link in an email sent to me of course but I'm worried about some of the new techniques out there.



I hear there is this technique of poisoning the DNS cache (DNS spoofing), so even if you type in the correct URL, they will send you to the wrong site. Is there any way to protect against that?



I read that Online Armor http://www.tallemu.com/ has a feature that checks sites with an independent DNS server, but I don't want to install OA just for that!



I also read about this scary XSS attacking at

http://www.wilderssecurity.com/showthread.php?p=1000640#post1001182



Currently what I do is that when I want to go to an online banking site, I clear my browser cache and cookies. Then I restart the browser. Then I manually enter the URL, carefully making sure I don't mistype.



I don't know if any of the anti-phishing toolbars or the built-in ones in Firefox, Opera or even Internet Explorer are good.

What you can do is avoid the DNS server altogether.



First, find the right IP address associated with your important websites. To do this, open a command prompt (Start > Run > CMD > hit OK) and enter the following command:

NSLOOKUP mybank.com



It will give you a Non-Authoritative answer with the ip addresses registered for the name mybank.com. With those addresses, open the hosts file on your computer and make the appropriate entries for each ip address. The hosts file is located in C:\WINDOWS\system32\drivers\etc\

Just open it with notepad.



So, if you wanted to make sure you got google's website every time, you would perform an nslookup on google.com and modify your hosts file so it looks something like this:



127.0.0.1 localhost

64.233.187.99 google.com

64.233.167.99 google.com

72.14.207.99 google.com



When you enter a URL in your browser, your hosts file is checked for the IP address first. If it does not find it, it goes to a remote DNS server. So if you have the appropriate IP-to-name association for your websites, you will always get the correct site without worrying about a security breach on your ISP's DNS server. This will also improve browsing speeds.

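
A check that goes with the hosts-file procedure in the answer above, as an added example that is not part of the original post: it parses hosts-file text and compares each pinned address with the answers from a fresh `nslookup` run, so pins that no longer match DNS are noticed. `SAMPLE_HOSTS`, `SAMPLE_DNS`, `parse_hosts` and `audit_pins` are names made up for this example, and the DNS answers are constructed, not real lookups.

```python
import ipaddress

# Constructed sample: the hosts-file layout shown in the answer above,
# plus one malformed line to exercise the parser.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
64.233.187.99 google.com
64.233.167.99 google.com   # trailing comments are allowed
72.14.207.99 google.com
not-an-ip mybank.com
"""

# Constructed stand-in for the addresses a fresh nslookup run returned.
SAMPLE_DNS = {"google.com": {"64.233.187.99", "192.0.2.10"}}


def parse_hosts(text):
    """Return {hostname: set of pinned IP strings}; skip comments and malformed lines."""
    pins = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            pins.setdefault(name.lower(), set()).add(str(ip))
    return pins


def audit_pins(hosts_text, dns_answers):
    """Compare pinned addresses with fresh DNS answers.

    Returns {hostname: {"current": [...], "stale": [...]}} for every
    non-loopback pin. A "stale" pin no longer appears in DNS but keeps
    overriding it until the hosts file is edited.
    """
    report = {}
    for name, pinned in parse_hosts(hosts_text).items():
        pinned = {ip for ip in pinned if not ipaddress.ip_address(ip).is_loopback}
        if not pinned:
            continue
        fresh = dns_answers.get(name, set())
        report[name] = {"current": sorted(pinned & fresh),
                        "stale": sorted(pinned - fresh)}
    return report


if __name__ == "__main__":
    for host, result in audit_pins(SAMPLE_HOSTS, SAMPLE_DNS).items():
        print(host, result)
```

A name with no entry in the DNS answers has all of its pins reported as stale, which is the signal to look it up again before trusting the hosts entry.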
If you are very concerned, reformat your computer and don't go to any more dangerous sites (torrents, warez, ads, etc.). There is also software out there that gives some sort of protection, like Norton Internet Security, which has fraud detection for sites you visit. When you are buying things online, make sure you know the site and check if the site's security has been updated to the date that you are buying things (VeriSign, SSL protection). Always have some antivirus software protecting you; there are some very nice free ones listed on PC Magazine and also some you pay for that are good too. Just scan the computer every week and clear cookies and cache often.

Wow.



Well, one thing is to make sure you have HTTPS in front of a URL for an online bank. (if you use one, that is).



Use these with caution, and never install from sources you don't know.

Use a good firewall, a good anti virus solution (with auto update function) and anti spyware software.



And, when in doubt - don't go ahead. Check, make sure and check again.



Use Firefox instead of Internet Explorer. Although, IE7 is better than IE6. Update your Windows, your browser etc. whenever there is an update.



And, use common sense.



Nothing is 100% sure - but with the above tips, you should be relatively safe.



Oh, and should you suspect abuse or a phisher has details - see if you can block things, or change passwords etc.
