Wednesday, February 18, 2015

The Security Attacks Most People Have Never Heard Of

Smishing: Smishing, or "SMS phishing", refers to a phishing attack that specifically targets mobile phones. The victim receives an SMS containing a hyperlink that either installs malware on the phone automatically or leads the user to a phishing site formatted for mobile screens. The term was coined by David Rayhawk in a McAfee Avert Labs blog.
BlueBugging: A craze originally started by a Malaysian IT professional, bluebugging (not to be confused with bluesnarfing) allows a more skilled person to illegally access a cellular phone via Bluetooth wireless technology. The access often goes unnoticed, with no notification or alert to the phone's user. A vulnerability such as this allows phone calls to be made, SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. But much to the hacker's dismay [I think the hacker knows the limitations… perhaps the point is that widespread impact is minimized because of the range…], access is only attainable within a 10 meter range of the phone.
Pod Slurping: A term coined by US security expert Abe Usher. When an iPod or any other portable USB storage device surreptitiously copies large amounts of files from your computer to its hard drive, it is engaged in "pod slurping". Pod slurping is an increasing security risk to companies and government agencies. Typically, access is gained while the computer is unattended, and the process can occur in as little as 65 seconds.
Sidejacking: Sidejacking is a hacking technique used to gain access to your website-specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted "session-id". The session-id is either some random data in the URL or, more often, random data in an HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account. This enables the hacker to read your email, look at what you've bought online, control your social network account, and so on. Robert Graham, who pulled together a variety of known and new vulnerabilities and packaged them into an automated session snatcher, was responsible for this term.
Black Hat: "Black Hat" hackers are people who specialize in the unauthorized breaching of information systems, often attacking those that contain sensitive information. They may use computers to attack systems for profit, for fun, or for political motivations. Attacks often involve modification and/or destruction of data, done without authorization. They may also distribute computer viruses and Internet worms, and deliver spam through the use of botnets.
White Hat: A "White Hat" hacker is an individual who identifies a security weakness in a computer system or network but, instead of maliciously taking advantage of it, exposes the weakness and repairs the vulnerability, protecting the network from unwarranted intrusions or attacks. The term is taken from old western films, where the white hat cowboy is portrayed as the hero and the black hat as the villain.
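
An added example (not from the original post) for the Sidejacking entry above: a small Python audit that flags session identifiers a site would send unencrypted, either as a cookie without the Secure attribute or as a parameter in an http:// redirect URL. The header lines, the host name and the name-matching heuristic are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristic for recognising session identifiers by name.
SESSION_NAME = re.compile(r"sess|sid|token", re.IGNORECASE)

# Constructed response headers, as a proxy or test client might capture them.
SAMPLE = [
    "Set-Cookie: PHPSESSID=4f2a9c; Path=/; HttpOnly",
    "Set-Cookie: auth_session=91bd07; Path=/; Secure; HttpOnly",
    "Set-Cookie: theme=dark; Path=/",
    "Location: http://shop.example/cart?sessionid=4f2a9c&item=7",
]

def audit_headers(header_lines):
    """Return (kind, name) findings for session ids exposed to network sniffing."""
    findings = []
    for line in header_lines:
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "set-cookie":
            pair, *attrs = [p.strip() for p in value.split(";")]
            name = pair.partition("=")[0]
            flags = {a.partition("=")[0].lower() for a in attrs}
            # Without Secure, the browser also sends the cookie over plain HTTP.
            if SESSION_NAME.search(name) and "secure" not in flags:
                findings.append(("cookie-without-secure", name))
        elif field == "location":
            url = urlsplit(value)
            # Only explicit http:// targets are flagged; relative redirects
            # inherit the scheme of the request and are not judged here.
            if url.scheme == "http":
                for key, _ in parse_qsl(url.query):
                    if SESSION_NAME.search(key):
                        findings.append(("session-id-in-cleartext-url", key))
    return findings

if __name__ == "__main__":
    for kind, name in audit_headers(SAMPLE):
        print(f"{kind}: {name}")
```
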

