Computer Science Unleashed: harness the power of computational by Wladston Ferreira Filho;Moto Pictet
Author: Wladston Ferreira Filho;Moto Pictet
Language: eng
Format: epub
Publisher: Code Energy LCC
Published: 2021-05-15T00:00:00+00:00
Figure 3.10 Courtesy of http://smbc-comics.com.
Social engineers operate like con artists: they can develop elaborate schemes in order to gain trust and access. The most common trick is called phishing. It's when the attacker forges an email that appears to come from a trusted source. Phishing emails typically link to a counterfeit website requesting secret information such as a password or credit card number. More sophisticated ones will contain malicious software hidden within an attachment.
THE DNC PHISHING During the 2016 United States presidential election, hostile hackers crafted a phishing email directed to a member of the DNC.24 The email warned of suspect Google account activity and urged the user to change the password. It included a link to a fake Google web page asking for the user's login details. As soon as the user entered the password, the attackers got in and downloaded thousands of sensitive emails. Most of them were leaked to the public, causing considerable political damage and the resignation of several key politicians.
Attacks like these keep happening time and again. It's estimated that about 90% of all data leaks originate from a successful phishing attack. There's also a variant of this attack vector called vishing: the hacker impersonates someone on the phone in order to obtain privileged information or access to computer systems.
THE CIA VISHING In 2015, a 15-year-old British hacker called Verizon and pretended to be a staff employee. He managed to obtain key information about a special Verizon customer: the director of the CIA.25 Using this information, the hacker was then able to impersonate the director himself on a call with AOL tech support. He correctly answered all security questions, and changed the director's email password. Ultimately, the young hacker gained access to key military and intelligence documents about CIA operations in Iraq and Afghanistan.
Social engineering can be mitigated first and foremost by educating the users of your systems on the importance of checking the authenticity of emails and web pages before disclosing any private information. It is also important to enforce strict identity verification for every user in your systems when they change their password or update some other security setting. But these precautions are not enough: in more sophisticated attacks, the victim only needs to click a web link or to open an attached document for the hacker to pwn the system.
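An added example, not from the book: a Python sketch of what checking the authenticity of a sign-in link means in practice, comparing the host a link really points to against a trusted domain. The `TRUSTED_DOMAINS` set, the `link_verdict` function and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain allowed to ask for this login.
TRUSTED_DOMAINS = {"google.com"}

# Constructed sample links, in the style of a "suspicious activity" email.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "http://accounts.google.com/signin",
    "https://accounts.google.com.security-check.example/signin",
    "https://accounts.google.com@login.example/signin",
    "https://accounts-google.com/signin",
    "https://xn--ggle-0nda.example/signin",
]


def link_verdict(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link that asks the user to sign in."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # Text before "@" is login data, not the host the browser contacts.
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Internationalised labels can render as look-alikes of Latin letters.
        return False, "non-ASCII or punycode label"
    for domain in trusted:
        # The trusted name must be the END of the host, not its beginning.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain + " or a subdomain of it"
    return False, "host is not a trusted domain"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = link_verdict(link)
        print("TRUST " if ok else "REJECT", link, "->", reason)
```

Only the first sample link passes: each of the others shows the trusted name somewhere in the address while the host that would actually receive the password is a different one.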
Software Vulnerabilities
Programmers know that parts of their code don't always work exactly as intended. As software becomes more complex, the number of different situations it handles grows exponentially, and so does the risk of an unexpected situation in which a combination of inputs leads to unwanted behavior.
These unwanted behaviors may cause the system to crash. They may cause secret information to be exposed. In the worst case, an intruder might be allowed to execute any piece of code. We call the sequence of inputs that leads to such unwanted behaviors a vulnerability. Let's now see some common types of vulnerabilities.
BROKEN ACCESS CONTROL This occurs when a system performs a potentially dangerous action without checking if
