Chapter 4

Question 1

Man-in-the-browser

Answer 1

Trojan horse that intercepts data passing through the browser

Question 2

Key logger

Answer 2

Hardware or software based to log all keystrokes

Question 3

Page-in-the-middle

Answer 3

Redirects the request for a real website to a fictitious one

Question 4

Program download substitution

Answer 4

Instead of the program or in addition to it the user downloads malicious software

Question 5

User-in-the-middle

Answer 5

Puts a human in the middle of two automated process to so that the human helps with defeating a process like a CAPTCHA

Question 6

Out-of-band-communication

Answer 6

Transferring different facts along different communication paths

Question 7

Website defacement

Answer 7

Attacker modifies or replaces content of a legitimate website

Question 8

Fake website

Answer 8

Impersonate the real website

Question 9

Fake code

Answer 9

Programs that advertise one thing but do something different

Question 10

Integrity checksum

Answer 10

A hash code which is a mathematical function that reduces a block of data to bits. Using tripwire we can check that all files match the original hash

Question 11

Signed code

Answer 11

A digital signature can vouch for the code or data

Question 12

Web content substitution

Answer 12

Replace some part of a website with something else that’s harmful like a PDF or toolbar

Question 13

Web bug

Answer 13

A tiny image 1x1 pixel used for tracking across multiple domains

Question 14

Clickjacking

Answer 14

Tricking a user into clicking a link by disguising what the link points to

Question 15

Drive by download

Answer 15

Downloading and installing code other than what the user expects