any thoughts on this article?

[The Texan]

Hey i found this on msn.com any thoughts on it? http://www.msnbc.msn.com/id/6416723/ thanx bye.

[Riot]

Nothing really that new it is just that now it is starting to be widely used not just by virus writers but by Phishers now and people don’t want to hear about how viruses work because they have an anti-virus system like Nortan or Mcafee (usually not up to date) but because it is being used in Phishing scams now people want to hear about it because they could be losing money and not just their privacy.

[The Texan]

well i hope people are smart enough not to click on email links ( that helps this spread)

[Tiger Shark]

Better yet locate your hosts file and remove rights to write to it from everyone except administrators, then log in as a regular user for normal operation or use something like WinPatrol that monitors changes to it and removes any changes you don't intent.....

Sometimes I think this stuff isn't rocket science.... But they sure like people to think it is.....

[The Texan]

lol very true tiger

[Und3ertak3r]

Anti Virus programs haven't checked the Hosts file...

and the host file was all i could get out of that artical as being the main cause of concern..

The new technique involves changing a little-known piece of software on most Web-ready computers called a "host file." All Web sites have numeric Internet addresses, called IP addresses,

Years ago, before the Internet's domain name system was in place, the local host file was useful, says software engineer and privacy advocate Richard Smith, who operates ComputerBytesMan.com. But now, it's just a relic, he says, kind of like an appendix on Internet software.

"It's useless now," he said. "But it's an attack vector.... This just points out that at some point you have to age out features and get rid of them."

While I agree in part with this. I use the hosts file to block unwanted add sites..hmm but i havent set the file attributes to read only.. havent tried that.... but it would be as easily circumvented..

Bloody hell .. I shouldnt eat brekfast and post replies at the same time.. some B.... beats me to it. that is the reply..an.... darn now the dogs got me breakfast..argh.

[jonathans_daddy]

Years ago, before the Internet's domain name system was in place, the local host file was useful, says software engineer and privacy advocate Richard Smith, who operates ComputerBytesMan.com. But now, it's just a relic, he says, kind of like an appendix on Internet software.

"It's useless now," he said. "But it's an attack vector.... This just points out that at some point you have to age out features and get rid of them."

Damn... Where've I been that I didn't realize this was a useless feature? Sucks to be told that features you use are useless...

[Tiger Shark]

Undies: Not the file attributes.... Set the security to allow read only on all but the administrator.... That's far from easy to get around if you run normally as a normal user.....

[z31200n3]

As Kevin Mitnick said, the weakest link in security is the human being. Its amazing how many stupid people (fully aware of the implications of clicking said emails) STILL TAKE THE DAMNED LINK!!! Obviously, this isnt any new insight, but i just wanted to express my disbelief in the human race :-)

-z3

[rcgreen]

"It's useless now," he said. "But it's an attack vector.... This just points out that at some point you have to age out features and get rid of them."

As usual, blame the wrong thing. You should have your browser
configured so that no web site you surf to can have free access
to write to your system files. Unfortunately, with all the javascript and
activeX stuff enabled, they can rewrite just about anything on your
hard drive.

Now, if you have linux, you can tell your system to only consult the hosts
file when dns fails. Who knows. maybe you can also do so with Windows.

I wouldn't encourage OS designers to take this feature away. Phishers
will just find a way to abuse DNS. Then where would we be?


AHA!

http://support.microsoft.com/kb/119372/EN-US/