A new crop of attacks is on the horizon, and it's even more insidious than phishing - and more poorly named. Pharming is a new way of luring you to fake Web sites with the same old goal: stealing your identity. Instead of setting up a convincing replica of a popular site, hackers attack the site itself and set up a site redirect that takes effect when you and others try to visit it. In other words, even if you type the correct address yourself, you can still end up at a fraudulent Web site. Because the Location Bar actually reflects the correct address and because the scammer didn't interact with you in any other fashion, none of the phishing tests can help you detect pharmers!

Imagine that you have to call a friend for directions to his house. Now imagine that someone posing as your friend answers the phone and, with a voice just like your friend's, directs you to his house instead so he can rob you. Now you can begin to understand why pharming is so sinister.

The good news here is that pharming is a very difficult attack to pull off because hackers need to successfully break into the Web site itself. Technical details aside, they essentially need to update the table of information that says, "when the user types http://www.ebay.com, load the information off this computer." Furthermore, if a hacker does manage to successfully pharm a major Web site, the company that operates it can notice and correct the problem very quickly.

The rarity of pharming is a saving grace, but you should still take steps to prevent being pharmed. Doing so requires a little knowledge of browser certificates. These aren't gift certificates; instead, they're more like the documents certifying that your doctor is trained to perform an operation. Browser certificates help you verify that you're interacting with the desired site, which cuts to the very heart of pharming.
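To make the certificate check concrete, here is an added Python illustration (not code from this book or from Firefox) of how the name you typed is compared with the names in the certificate the server presents. The `.example` host names, the sample certificates and the `chain_trusted` flag are constructed assumptions; the flag stands in for the browser's check that a trusted third party issued the certificate.

```python
from typing import Optional
from urllib.parse import urlsplit

def name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name from a certificate with the host the user typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label, never "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_destination(typed_url: str, cert: Optional[dict]) -> str:
    """Classify what the server behind typed_url presented.

    cert mimics the dict returned by ssl.SSLSocket.getpeercert(), plus a
    hypothetical 'chain_trusted' flag standing in for CA chain validation.
    """
    parts = urlsplit(typed_url)
    if parts.scheme != "https" or cert is None:
        return "no-certificate"      # plain HTTP: nothing to compare against
    if not cert.get("chain_trusted", False):
        return "untrusted-issuer"    # e.g. self-signed by the impostor
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    host = parts.hostname or ""
    return "match" if any(name_matches(n, host) for n in names) else "mismatch"

# Constructed sample certificates (reserved .example names, not real sites).
GENUINE = {"chain_trusted": True, "subjectAltName": (("DNS", "*.shop.example"),)}
OTHER_SITE = {"chain_trusted": True, "subjectAltName": (("DNS", "www.attacker.example"),)}
SELF_SIGNED = {"chain_trusted": False, "subjectAltName": (("DNS", "www.shop.example"),)}

def demo() -> dict:
    url = "https://www.shop.example/login"
    return {
        "genuine": check_destination(url, GENUINE),
        "redirected": check_destination(url, OTHER_SITE),
        "self_signed": check_destination(url, SELF_SIGNED),
        "no_ssl": check_destination("http://www.shop.example/login", None),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12} -> {verdict}")
```

Only the first case is a site you should trust with sensitive information; the other three are the situations a redirected visitor would run into.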
In the phishing section, I discuss the concept of secure Web sites that use SSL technology and mention that all reputable sites asking for sensitive information should use this technology. Certificates are the next layer of security. Whereas SSL technology ensures that your information is being securely transferred, certificates ensure that your information is being securely transferred to the organization you intend to entrust with it. Trusted third parties such as VeriSign issue certificates to consummate your transactions with secure Web sites, just as an independent public notary would preside over the dealings of two strangers. These companies issue certificates only to reputable companies.

Keep in mind that certificates are built atop the SSL technology. Therefore, if the malicious Web site the pharmer is secretly redirecting to doesn't support SSL (which it might want to do as a ruse), Firefox won't be expecting a certificate and therefore won't warn of a mismatch. This is intentional because SSL should be considered the first hurdle that any legitimate Web site should pass. In other words, if the Web site doesn't support SSL - if that Location Bar doesn't turn bright yellow - something is already suspect before you even begin worrying about certificates.

The bottom line is that it's impossible - as far as I know today - for any hacker to replicate the combination of SSL technology (which displays the bright yellow Location Bar!) and a legitimate, matching certificate.

Protecting your password

Your password is the prize most hackers are seeking. It is often the key to your credit card and Social Security numbers, to your home address and other private data, and you should guard it with the same vigilance as you do the key to your home.
Besides using tricks like fake e-mail and fake Web sites to steal your passwords, there are hackers working on an entirely different approach: Rather than persuade you to give up your password, they'll just guess it themselves! Yes, that's right: guess it.