Buying the Pharm
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Buying the Pharm

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    Buying the Pharm

    What happens when Javascript and the Windows hosts file collide...

    Simple Pharming - 0x000000 The Hacker Webzine

    There is so much you can do with Javascript that the best way to describe the toxic mix of browser exploits with Javascript will be an example to launch a pharming attack. The sheer beauty of pharming is that the surfer will almost never know that he has been compromised, because it is very silent. One way of quickly pharm surfers is to modify the hosts file on Windows.
    Read the rest for the sample code. Firefox + NoScript for me, thanks.

  2. #2
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Something I don't understand there. They're instantiating an ActiveX object . Wouldn't that be blocked by most people's security settings these days? I know it would be by mine.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Spybot Search & Destroy. Go to the "tools" section, you can inspect what is in your hosts file.

    If you select "IE Tweaks" there is also an option to lock the hosts file as read only.

    Like phernandez I generally use FF with "noscripts". My IE is set to ask permission before running ActiveX I cannot remember what the default is though?............... probably to run them?

  4. #4
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Not anymore, it used to be the default but it hasn't been for a few years now. I actually have ActiveX disabled entirely so it would never be a problem for me, but I believe the newer security settings of several years ago prohibited JavaScript from accessing the file system object entirely, unless you expressly alter the settings to allow it.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Doesn't that cause a problem with MSUpdate?

  6. #6
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    In my browser, I can enable/disable most anything with 2 clicks on the toolbar, globally or on a per tab basis, so I don't have to worry bout that.

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I am pretty sure you need admin privledges to edit a host file.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Member
    Join Date
    May 2002
    Posts
    93
    Quote Originally Posted by morganlefay
    I am pretty sure you need admin privledges to edit a host file.

    MLF
    I can't test this now (at work, with admin priveleges) but I believe anyone can open host in notepad, make changes then save.

    *Edit*
    Found a page that said admin required for Vista. Don't believe XP required this.

    Learn something new everyday =)
    Tachyon

    |-----|Alcohol is my anti-drug |-----|

  9. #9
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    In XP I can edit it as I please, haven't tried Vista though...

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, that's how I understand it.............. only Vista needs admin, that is why it could be an issue because malware and rogue websites can hijack it in other versions of Windows.

    ZoneAlarm Pro, Spybot S&D and WinPatrol all have the capability of locking the file

Similar Threads

  1. Buying a processor
    By Raion in forum Hardware
    Replies: 23
    Last Post: March 19th, 2006, 04:35 AM
  2. Buying used NICs
    By Oso in forum Hardware
    Replies: 2
    Last Post: October 8th, 2005, 06:54 PM
  3. The poor man's pharm!
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: June 9th, 2005, 10:25 PM
  4. Buying Bandwidth
    By inf0streaker in forum AntiOnline's General Chit Chat
    Replies: 4
    Last Post: January 19th, 2004, 03:32 AM
  5. Downloading VS. Buying things
    By gore in forum Cosmos
    Replies: 10
    Last Post: January 21st, 2003, 02:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •