
-Distinguish between in-the-middle attacks: user, page, man (middle, browser)

A man-in-the-browser attack is an example of malicious code that has infected a browser. Code inserted into the browser can read, copy, and redistribute anything the user enters in a browser. The threat here is that the attacker will intercept and reuse credentials to access financial accounts and other sensitive data.

A page-in-the-middle attack is another type of browser attack in which a user is redirected to another page. Similar to the man-in-the-browser attack, a page attack might wait until a user has gone to a particular web site and present a fictitious page for the user. As an example, when the user clicks “login” to go to the login page of any site, the attack might redirect the user to the attacker’s page, where the attacker can also capture the user’s credentials.

User-in-the-Middle
A different form of attack puts a human between two automated processes so that the human unwittingly helps spammers register automatically for free email accounts.

Explain how mobile is subject to man in the middle attack

Man-in-the-middle attacks are not something new. They have been around for a few years now but have been mostly restricted to computers and laptops. With mobile growing at a fast pace, there has been a shift in emphasis to hacking mobile devices. This is particularly worrying, as it gives access to a lot of information such as personal identity, location, and messages. In fact, hackers can also eavesdrop on conversations.

Mobile apps need to communicate with remote servers in order to function, and most use HTTPS to do so securely. Problems arise, however, when apps fail to use standard authentication methods properly. Some, for example, don’t reliably check the certificate that proves a server is what it says it is. Others fail to properly verify their server’s hostname.

To be secure, mobile apps have to validate the hostname, ensure the certificate matches the server’s hostname, and ensure the certificate is trusted by a valid root authority.
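The two client-side failures described above, next to the corrected setup, as an added example that is not part of the original notes. It uses Python's standard `ssl` module as a stand-in for a mobile app's TLS client; the function names are hypothetical.

```python
import socket
import ssl


def no_verification_context():
    """Weak: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def no_hostname_context():
    """Weak: chain is verified, but a valid certificate for any other name passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def strict_context():
    """Corrected: trusted root required and certificate matched to the hostname."""
    return ssl.create_default_context()


def audit(ctx):
    """Return the validation steps from the text that this context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not verified against a trusted root")
    if not ctx.check_hostname:
        findings.append("certificate not matched to the server's hostname")
    return findings


def peer_certificate(host, port=443, ctx=None):
    """Connect with full validation; raises ssl.SSLCertVerificationError on failure."""
    ctx = ctx or strict_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        # server_hostname drives both SNI and the hostname comparison
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for make in (no_verification_context, no_hostname_context, strict_context):
        print(make.__name__, "->", audit(make()) or "ok")
```

An `audit`-style check like this can run in a unit test so that a debugging shortcut that disables verification does not reach a release build.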
