a Server based DNS compromise would involve the actual DNS server machine being infected. It could thus be manipulated to redirect ALL traffic from the actual site to the phishing site. Since the actual site will now experience zero traffic, these compromises usually don't last any more then a few hours before being found and solved.
Yes, Yes, that is right on. That is what the major DNS attack is. Now we are on the same page!
And yes, SSL is vbery important. Doing a fake SSL is very, very hard.
Because the major DNS attacks it has to be so clever and only last a short time, some have felt it is not a serious matter.The cure for the major DNS attack is to use certified software on the DNS serve assigned by your ISP. If you ISP does not what to bother with this annoying detail, because they have other things to do, you can find certified DNS and put the IP in your router and then you don't have that special problem. However, you need permission from the DNS owner to do that, unless he indicates that it is OK for a small business or and individual to do that. There are firms that make it there business to have reliable and safe DNS and they charge a modest fee to the commercial customers who prefer high quality DNS. These companies may also provide blocking of sites that are know to be hostile. Or block some sites for your company to prevent employees from wasting time on non-business matters.
The Major DNS problem exists only because some ISP people just did not want to pay anything to update their outdated server software. The point I want to make is people are complacent if the think a threat is small. Think of a spacecraft that lost a few ceramic tiles. Just a few tiles. Fix it later.
Now then, getting back to the main point of the thread.No, you do not have to be paranoidd. You can surf the net safely. Let your
common sense not be based on the unproven claims . Find out that anti-virus and firewalls do not mean you"have nothing to worry about". You still need to worry,
if worry will help you be careful about giving out any information that would be harmful to you if it got to the wrong kind of people. I mean organized crime and those firms that are on the very edge of the law.
For example,
no anti-virus or spy ware will EEVER tell you the the "Video Pro so-and-so" has a horrible record of bleeding credit card accounts for services customers no longer want. You have to hope that your credit card company will help you if you have trouble with that particular firm. The fact the 90 per cent of his customers are happy is of little comfort to the 10% who got ripped-off with charges every month for bad service. The guy is a leach. That fact that his sucks blood from a small number of clients does not make him less a leach. The same can be said for the TV Infomercials you see Sunday mornings.
And Back accounts. Yes the connection is very, very secure. But, if anything goes wrong, it is always your fault. The bank will not give you a break.
The insurance they carry only protects you if the back burns down. I do not recommend on-line banking at all. The problem is that some on-line companies want you to use the back account for direct transfer. Only, and ONLY do that if the firm really is a company that you really do know and trust. Avoid business with anybody who will not let you pay with a credit card or a third part firm that will handle the credit card transaction. Again, that is not AV, or SSL issue.
And by the way here we use use Avast! Works great! But I still worry.
Do not ever give your password to a request from anybody. Even if the President of the USA sends you an e-mail requesting your password in the interest of national security you should ignore it. Just say you never got the e-mail because your e-mail program now has a new BS filter.
My rant started because somebody expressed the idea security was about e the best AV and knowing how to spot malware. Security is about protection of your privacy, your reputation, your livelihood, your children and the things you believe in.