Legit Pharming.

Published on: 1184673868
Pharming, among other things, is a simple way of setting up a site and letting everyone who visits submit their private data to a website they believe belongs to the authority it claims to be. The most important asset in getting people to submit all their private information is trust. Without trust everything fails. You cannot say to surfers: do not trust everything. Well, you can, but that would impair the joyous surfing experience. Security comes with a price; the price you must pay is a high level of alertness, which ultimately leads to frustration and anger.

It is well known that security personnel will lose their concentration after a certain amount of time; they will make errors in the real world and could even increase the risk of a compromise. They are still human, and so is everyone on the Internet. People will make mistakes, and people will fall into the hands of the so-called bad guys. It happens every day in real life and it continues to happen online. These two worlds have more in common than they differ from each other. In the end all people will throw away barriers, because barriers limit them. Including myself: I stopped using extensions like NoScript a long time ago, because I feel impaired having it. I feel like I am missing a leg to stand on and cannot run anymore. I willingly reached a status quo where I don't care anymore for a few basic rules. The worst thing that could happen when I am compromised personally is the loss of all the data on my PC.

Legit pharming happens every day.

Today I was asked to enter some sweepstakes to win a movie ticket. What did I do? I joined because of the interest in a $10 movie ticket. Sounds like a game not worth the candle, but still I did it. I didn't win the ticket, but they got all my private information. It shows that we all trust certain authorities to some degree. What will happen if their database is compromised in the next 24 hours? Sure, I did not think about that; I thought about that $10 movie ticket: being plain human, and there is nothing wrong with that. Today someone found a HI5 social community false alarm, which makes you wonder. This is legit pharming in all its exquisiteness. A rough guess tells me 70% of all users submitted all their login credentials right there, and there is nothing we can do to educate them about that risk.


I found this one; it is probably a legit website, but it asks for your POP3 credentials.

Here is the HI5 false alarm

So are those examples legit or not? Do they "steal" private information? This is tricky, because where is the nuance here? In a sense they do it legitimately. And so everything sits in some database, probably unencrypted, waiting for the next hacker or rogue employee to obtain it all.