Friday, February 3, 2012
Chapter 3
This chapter covered some of the different attacks hackers can use over and through networks. Many of them were covered in CIS-185 including SQL injection (using a server's weak, unfiltered password reset function to set up a logon ID) and XML injection (using tags to facilitate injection attacks). It went through how an attacker can use directory traversal to get access to areas to which they would not normally be able to enter. Client-side attacks are gaining prevalence, and include Iframe attacks, manipulating headers in HTTP, cookies, hijacking a web session by impersonating a user's session token and buffer overflow attacks which cause a computer to crash due to over-filling a computer's RAM. Lastly, network attacks are often used, and like the injection attacks, these were covered in depth in CIS-185. DOS attacks via ping or syn floods, man-in-the-middle attacks by an attacker inserting their own machine into the middle of a computer conversation, ARP and DNS poisoning (used by the chineese to suppress their own population's access to information) which redirects a user away from information they want censored and transitive access, or using a third user to gain access to a network are all common methods of network hacking attacks.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment