D1 - Discuss Recent Network Threats
Cross-Site Scripting (XSS)
Cross-Site Scripting is a computer security vulnerability that is mostly found in web applications. XSS allows attackers to inject client-side scripts into web pages that are then viewed by others. The people that view this web page can then be infected without even knowing as the page appears to be normal. Depending on what scripts the attacker uses the effects can range from something very minor to a major security risk. XSS can be used to gain control and bypass the authorisation process.
SQL Injection
SQL Injection is a technique used to attack data driven applications and is implemented by adding parts of SQL statements in to entry fields within a website.This is done in an attempt to get the website to accept a newly formed rouge SQL command to the database. SQL injection is a code injection technique that exploits a security vulnerability in an applications software. The vulnerability occurs when the user input field is incorrectly filtered. SQL commands can change database content or allow the hacker to access database information such as credit card details or passwords. To prevent this type of attack all entry fields must be correctly filtered to disallow any scripts running.
Google Hacking
The Google Hacking Database (GHDB) is a database of queries that can identify sensitive data. Google does try and prevent hackers from gaining access to this information but it is still possible to do so. Using this information hackers can essentially see a list of websites that may be vulnerable to attack. The database contains information such as log in portal pages, passwords and sensitive directories.
Recent Security Breaches
Twitter
On The 1st of February 2013, Twitter announced it had been subjected to unauthorised access attempts over the course of a week. Attackers were trying to gain user account
information such as usernames, email addresses, session tokens, and encrypted versions of passwords. Twitter said approximately 250,000 users accounts were breached including those of corporate employees and reporters. Twitter said the attack was not the work of amateurs, and the methods used were extremely sophisticated.
Yahoo
In July 2012, Yahoo announced that over 450,000 email addresses and passwords had been stolen from the companies database and posted publicly online. It was later discovered that Yahoo stored these usernames and passwords without any encryption at all, making them very easy for a hacker to get hold of. As well has having their email account compromised, Some Yahoo customers later realised there were even more problems as many of the hacked usernames and passwords were identical to those used in other website accounts, such as PayPal or online banking accounts.
Cross-Site Scripting is a computer security vulnerability that is mostly found in web applications. XSS allows attackers to inject client-side scripts into web pages that are then viewed by others. The people that view this web page can then be infected without even knowing as the page appears to be normal. Depending on what scripts the attacker uses the effects can range from something very minor to a major security risk. XSS can be used to gain control and bypass the authorisation process.
SQL Injection
SQL Injection is a technique used to attack data driven applications and is implemented by adding parts of SQL statements in to entry fields within a website.This is done in an attempt to get the website to accept a newly formed rouge SQL command to the database. SQL injection is a code injection technique that exploits a security vulnerability in an applications software. The vulnerability occurs when the user input field is incorrectly filtered. SQL commands can change database content or allow the hacker to access database information such as credit card details or passwords. To prevent this type of attack all entry fields must be correctly filtered to disallow any scripts running.
Google Hacking
The Google Hacking Database (GHDB) is a database of queries that can identify sensitive data. Google does try and prevent hackers from gaining access to this information but it is still possible to do so. Using this information hackers can essentially see a list of websites that may be vulnerable to attack. The database contains information such as log in portal pages, passwords and sensitive directories.
Recent Security Breaches
On The 1st of February 2013, Twitter announced it had been subjected to unauthorised access attempts over the course of a week. Attackers were trying to gain user account
information such as usernames, email addresses, session tokens, and encrypted versions of passwords. Twitter said approximately 250,000 users accounts were breached including those of corporate employees and reporters. Twitter said the attack was not the work of amateurs, and the methods used were extremely sophisticated.
Yahoo
In July 2012, Yahoo announced that over 450,000 email addresses and passwords had been stolen from the companies database and posted publicly online. It was later discovered that Yahoo stored these usernames and passwords without any encryption at all, making them very easy for a hacker to get hold of. As well has having their email account compromised, Some Yahoo customers later realised there were even more problems as many of the hacked usernames and passwords were identical to those used in other website accounts, such as PayPal or online banking accounts.