L’hameçonnage (« phishing ») vise à escroquer les internautes en les incitant à révêler sur de faux sites Internet des informations personnelles.

Deux outils, ajoutés à votre moteur de recherche, permettent de déterminer et d’afficher le véritable domaine du site que vous visitez.

Ils sont néanmoins inefficaces contre le détournement du nom de domaine (« pharming »), c'est-à-dire la modification des données DNS des serveurs ou du fichier hôte du client.

Il existe trois méthodes pour résoudre ce problème : d’abord installer un logiciel détectant et avertissant l’entreprise de tout changement opéré sur les serveurs de DNS.

Puis agir au niveau du client en empêchant les changements du fichier hôte du système et la configuration des DNS locaux, en confrontant les requêtes aux données de trois serveurs DNS sécurisés.

Enfin, associer un signal d’identité/d’identification de couleur à chaque utilisateur au moment de la première connexion à un site protégé par le système IDcues, afin de repérer les sites factices.

D’autres solutions existent sans doute…

M : Today I have the pleasure of interviewing JD, the teenager who hijacked the eBay.de Domain name/DNS in 2004. Hello JD!

JD: Hi!

M: All our listeners are wondering about your exploit/feat. How did you manage it?

JD: Well… I simply poisoned eBay’s DNS by modifying its server’s records/data and then rerouted the users towards a fake site of my own design. Thus, I managed to get their personal information such as their passwords and ID.

M: Wow! It sounds frightening, especially since you found that simple to perform…

JD: It was! Yet, I didn’t take advantage of the situation since I didn’t steal any money from users. Instead, I warned companies and devised an anti-pharming software that I now sell to big internet providers.

U: Could you tell me about the way you hacked the eBay.de DNS?

T: First, I designed a webpage with the same features as eBay, the auction website.

U: But how did you manage to plagiarize the real site?

T: Thanks to DNS cache poisoning/pharming, I accessed huge databases used by Internet providers and I changed the DNS records of the servers at eBay ISP. I could also have altered the client system host file or DNS settings. Then, I cheated people into entering their names and passwords.

U: How can that be done?

T: The solution to this problem lies in the setting up of the DNS server under Windows NT4.0 and 2000.

HSBC
2, Stuart Street, London NW1 3NB, UK

16 May 2006

M Joseph DUPONT
5 rue de la gare
75000 Paris
FRANCE

Dear Mr Dupont,

THIS IS A CUSTOMER SECURITY WARNING!

We would like to inform our customers about a growing threat on the Internet, a scam called “phishing”. It consists in setting up fake web sites whose aim is to make users reveal their personal information so that it can be used at their expense.

We advise our customers to be very careful and to use the add-ons and the anti-pharming tools that are available free on the Internet.

Should you need any further information, please contact Cynthia Evans, our expert in public relations, who will be delighted to help you.

Yours sincerely,
(signature)

John Smith
Manager