Sunday 25 August 2013

Hacking Attacks and Their Countermeasures

Galley discusses three types of attacks against computer systems: Physical, Syntactic
and Semantic. A physical attack uses conventional weapons, such as bombs or fire. A
syntactic attack uses virus-type software to disrupt or damage a computer system or
network. A semantic attack is a more subtle approach. Its goal is to attack users'
confidence by causing a computer system to produce errors and unpredictable results.
Syntactic attacks are sometimes grouped under the term "malicious software" or
"malware". These attacks may include viruses, worms, and Trojan horses. One
common vehicle of delivery for malware is email.


Semantic attacks involve the modification of information or dissemination of
incorrect information. Modification of information has been perpetrated even without
the aid of computers, but computers and networks have provided new opportunities to
achieve this. Also, mechanisms such as email, message boards, and websites make it
easy to disseminate incorrect information to large numbers of people quickly.

Hacking tricks can be divided into different categories elaborated below:

Trojan programs that share files via instant messenger

Instant messaging allows file sharing on a computer. All currently popular instant
messengers have file-sharing abilities, or allow users to add that functionality
by installing patches or plug-ins; this is a major threat to information
security. Such communication software also makes it difficult for existing hack-prevention
methods to prevent and control threats to information security. Hackers use the instant
messaging capability to plant a Trojan program inside an unsuspected program; the
planted program is a kind of unauthorized, remotely controlled hacking tool that can
conceal itself.
A hacker need not open a new port to perform transmissions; he can perform his
operations through the already opened instant messenger port. Even if a computer
uses dynamic IP addresses, its screen name doesn't change.

Hijacking and Impersonation


There are various ways through which a hacker can impersonate other users. The most
commonly used method is eavesdropping on unsuspecting users to retrieve user
accounts, passwords and other user-related information.
The theft of user account numbers and related information is a very serious
problem in any instant messenger. For instance, after stealing a user's
information, a hacker impersonates the user; the user's contacts, not knowing that the
account has been hacked, believe that the person they're talking to is the user, and are
persuaded to execute certain programs or reveal confidential information. Hence, theft
of a user's identity endangers not only that user but also the surrounding users. Guarding
against Internet security problems is presently the focus of future research, because
without good protection a computer can be easily attacked, causing major losses.
Hackers wishing to obtain user accounts may do so with the help of Trojans
designed to steal passwords. If an instant messenger client stores the user's password on
the user's computer, then a hacker can send a Trojan program to the unsuspecting user.
When the user executes the program, it searches for the user's password
and sends it to the hacker.

Denial of Service

There are many ways through which a hacker can launch a denial of service (DoS)
attack on an instant messenger user. A partial DoS attack will cause the user's client to
hang, or use up a large portion of CPU resources, causing the system to become
unstable.
There are many ways in which a hacker can cause a denial of service on an instant
messenger client. One common type of attack is flooding a particular user with a large
number of messages. The popular instant messaging clients contain protection against
flood-attacks by allowing the victim to ignore certain users. However, there are many
tools that allow the hacker to use many accounts simultaneously, or automatically
create a large number of accounts to accomplish the flood-attack.
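The weakness described above, shown from the defender's side in an added example that is not part of the original article: a per-sender "ignore" threshold never triggers when every message comes from a different account, while a combined budget for all senders outside the contact list does. The window length, both limits and the account names are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
PER_SENDER_LIMIT = 5  # assumed per-sender threshold (the "ignore this user" control)
UNKNOWN_LIMIT = 20    # assumed combined budget for all non-contact senders


def filter_messages(events, contacts):
    """events: (timestamp, sender) tuples for one recipient, sorted by time.
    Returns (delivered with per-sender limit only, delivered with both limits)."""
    per_sender = defaultdict(deque)  # sender -> timestamps inside the window
    unknown = deque()                # timestamps of messages from non-contacts
    sender_only = both = 0
    for ts, sender in events:
        recent = per_sender[sender]
        while recent and ts - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        while unknown and ts - unknown[0] >= WINDOW_SECONDS:
            unknown.popleft()
        recent.append(ts)
        if len(recent) > PER_SENDER_LIMIT:
            continue                 # this one sender is muted under both policies
        sender_only += 1
        if sender not in contacts:
            unknown.append(ts)
            if len(unknown) > UNKNOWN_LIMIT:
                continue             # strangers' combined budget is used up
        both += 1
    return sender_only, both


# Constructed traffic: 200 throwaway accounts send one message each within 2 s,
# while a real contact ("alice") sends 3 messages in the same period.
FLOOD = [(i * 0.01, f"acct{i}") for i in range(200)]
FRIEND = [(0.5, "alice"), (1.0, "alice"), (1.5, "alice")]
EVENTS = sorted(FLOOD + FRIEND)

if __name__ == "__main__":
    print(filter_messages(EVENTS, contacts={"alice"}))
```
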

Phishing

The word phishing comes from the analogy that Internet scammers are using email
lures to fish for passwords and financial data from the sea of Internet users. The term
was coined in 1996 by hackers who were stealing AOL Internet accounts by
scamming passwords from unsuspecting AOL users. Since hackers have a tendency to
replace "f" with "ph", the term phishing was derived.

Phishing Techniques

Phishing techniques can be divided into different categories, some of which are elaborated below:


Link manipulation

Most methods of phishing use some form of technical deception designed to make a
link in an email (and the spoofed website it leads to) appear to belong to the spoofed
organization. Misspelled URLs or the use of subdomains are common tricks used by
phishers, such as this example URL, http://www.yourbank.com.example.com/.
Another common trick is to make the anchor text for a link appear to be valid, when
the link actually goes to the phishers' site.
An old method of spoofing used links containing the '@' symbol, originally
intended as a way to include a username and password (contrary to the standard). For
example, the link http://www.google.com@members.tripod.com/ might deceive a
casual observer into believing that it will open a page on www.google.com, whereas it
actually directs the browser to a page on members.tripod.com, using a username of
www.google.com: the page opens normally, regardless of the username supplied.
Such URLs were disabled in Internet Explorer, while the Mozilla and Opera web
browsers opted to present a warning message and give the option of continuing to the
site or canceling.
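A mail-filter style check for the three tricks just described, as an added example that is not part of the original article: it flags the '@' userinfo form, a trusted name used as a subdomain of another domain, and anchor text that names a different host than the link target. The allow-list and the flag names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts the spoofed organizations really use (assumption).
TRUSTED_HOSTS = {"www.yourbank.com", "yourbank.com", "www.google.com"}


def split_url(text):
    """Parse text as an http(s) URL; return None if it does not look like one."""
    candidate = text.strip()
    if not candidate or any(c.isspace() for c in candidate) or "." not in candidate:
        return None
    if "://" not in candidate:
        candidate = "http://" + candidate
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return None
    return parts if parts.hostname else None


def check_link(href, anchor_text):
    """Return the list of deception indicators found in one e-mail link."""
    flags = []
    target = split_url(href)
    if target is None:
        return ["unparseable-href"]
    host = target.hostname.lower()
    # 1. 'user@host' form: everything before '@' is userinfo, not the destination.
    if target.username is not None:
        flags.append("userinfo-in-url")
    # 2. A trusted name used as leading labels of some other domain.
    if host not in TRUSTED_HOSTS and any((t + ".") in host for t in TRUSTED_HOSTS):
        flags.append("trusted-name-as-subdomain")
    # 3. Anchor text that is itself a URL but names a different host.
    shown = split_url(anchor_text)
    if shown is not None and shown.hostname.lower() != host:
        flags.append("anchor-text-mismatch")
    return flags


if __name__ == "__main__":
    print(check_link("http://www.google.com@members.tripod.com/", "Google"))
    print(check_link("http://www.yourbank.com.example.com/", "http://www.yourbank.com/"))
```
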

Filter evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to
detect text commonly used in phishing emails.

Website forgery

Once the victim visits the website, the deception is not over. Some phishing scams use
JavaScript commands in order to alter the address bar. This is done either by placing a
picture of a legitimate URL over the address bar or by closing the original address bar
and opening a new one with the legitimate URL.
An attacker can even use flaws in a trusted website's own scripts against the
victim. These types of attacks (known as cross-site scripting) are particularly
problematic, because they direct the user to sign in at their bank or service's own web
page, where everything from the web address to the security certificates appears
correct. In reality, the link to the website is crafted to carry out the attack, although it
is very difficult to spot without specialist knowledge. Just such a flaw was used in
2006 against PayPal.
A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security,
provides a simple-to-use interface that allows a phisher to convincingly reproduce
websites and capture log-in details entered at the fake site.

Phone phishing

Not all phishing attacks require a fake website. Messages that claimed to be from a
bank told users to dial a phone number regarding problems with their bank accounts.
Once the phone number (owned by the phisher, and provided by a voice over IP
service) was dialed, prompts told users to enter their account numbers and PIN. Voice
phishing sometimes uses fake caller-ID data to give the appearance that calls come
from a trusted organization.

Fake Web sites

Fake bank websites stealing account numbers and passwords have become
increasingly common with the growth of online financial transactions. Hence, when
using online banking, we should take precautions such as using a secure, encrypted
customer certificate and following the correct procedure when browsing.
First, the scammers create a similar website homepage; then they send out e-mails
with enticing messages to attract visitors. They may also use fake links to direct internet
surfers to their website. Next, the fake website tricks the visitors into entering their
personal information, credit card information or online banking account numbers and
passwords. After obtaining a user's information, the scammers can use it
to drain bank accounts, shop online, create fake credit cards, or commit other similar
crimes.





Spoofing

Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder
sends messages to a computer with an IP address indicating that the message is
coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety
of techniques to find an IP address of a trusted host and then modify the packet
headers so that it appears that the packets are coming from that host.
A term closely connected to, and often confused with, phishing and pharming is
spoofing. A "spoofer", in Internet terms, is defined generally as the "cracker" who
alters, or "forges", an e-mail address, passwords).

Spoofing Attack Techniques


Spoofing attacks can be divided into different categories, some of which are
elaborated below:

Man-in-the-middle attack and internet protocol spoofing

An example from cryptography is the man-in-the-middle attack, in which an attacker
spoofs Alice into believing they're Bob, and spoofs Bob into believing they're Alice,
thus gaining access to all messages in both directions without the trouble of any.

Spyware

Spyware is computer software that can be used to gather and remove confidential
information from any computer without the knowledge of the owner. Everything the
surfer does online, including his passwords, may be vulnerable to spyware. Spyware
can put anyone in great danger of becoming a victim of identity theft. 


Solutions

As the spyware threat has worsened, a number of techniques have emerged to
counteract it. These include programs designed to remove or to block spyware, as
well as various user practices which reduce the chance of getting spyware on a
system. Nonetheless, spyware remains a costly problem. When a large number of
pieces of spyware have infected a Windows computer, the only remedy may involve
backing up user data, and fully reinstalling the operating system.

Security practices

To deter spyware, computer users have found several practices useful in addition to
installing anti-spyware programs.
Many system operators install a web browser other than IE, such as Opera or
Mozilla Firefox. Although these have also suffered some security vulnerabilities,
their comparatively small market share compared to Internet Explorer makes it
uneconomic for hackers to target users on those browsers. Though no browser is
completely safe, Internet Explorer is at a greater risk for spyware infection due to its
large user base as well as vulnerabilities such as ActiveX.

Electronic Bulletin Boards

Chat rooms and electronic bulletin boards have become breeding grounds for identity
theft. When criminals have obtained personal identifying information such as credit
card numbers or social security numbers, they visit hacker chat rooms and post
messages that they have personal information for sale.

Information Brokers

Information brokers have been around for decades; however, a new breed of
information broker has emerged in recent years: the kind that sells personal
information to anyone requesting it electronically via the Internet. Driven by greed,
some information brokers are careless when they receive an order. They fail to verify
the identity of the requesting party and do little, if any, probing into the intended use
of the information.

Internet Public Records

There are two ways public records are accessible electronically. Some jurisdictions
post them on their government web sites, thereby providing free or low-cost access to
records. Government agencies and courts also sell their public files to commercial
data compilers and information brokers. They in turn make them available on a fee
basis, either via web sites or by special network hookups.

Identity theft

The crime of identity theft and other types of fraud will be fueled by easy access to
personal identifiers and other personal information via electronic public records. Such
information includes Social Security numbers, credit card and bank account numbers,
and details about investments.

Solutions

What can be done to mitigate the negative consequences of making public records
containing personal information available on the Internet and from other electronic
services? Governments are not likely to make the decision to keep such records off
the Internet altogether. Indeed, they should not. The public policy reasons for making
public records available electronically are irrefutable - promoting easier access to
government services as well as opening government practices to the public and
fostering accountability.
But there are several approaches government agencies and court systems can take
to minimize the harm to individuals when sensitive personal information is to be
posted on the Internet while at the same time promoting government accountability.

Regulating the information broker industry

The information broker industry must be regulated. At present, information brokers
purchase public records from local, state, and federal government agencies and
repackage them for sale to subscribers. They add data files from commercial data
sources such as credit reports and consumer survey data.

Requiring more accountability of the private investigator industry

The private investigator profession, a major user of public records information, must
be regulated in those states where there are no oversight agencies. Further, existing
regulations must be tightened and made uniform nationwide, perhaps by federal law.
Private investigators must be held to strong standards regarding their access to and
use of sensitive personal information. They should be held accountable when they
misuse personal information.


This article is quite interesting to everyone in the digital age... hope you like this article, so leave a comment...



