Chapter 6 Flashcards
Hacking
Unauthorized access, modification, or use of an electronic device or some element of a computer system.
Hijacking
Gaining control of someone else’s computer to carry out illicit activities, such as sending spam without the computer user’s knowledge
Botnet
A network of powerful and dangerous hijacked computers that are used to attack systems or spread malware
Zombie
A hijacked computer, typically part of a botnet, that is used to launch a variety of Internet attacks
Bot Herder
The person who creates a botnet by installing software on PCs that responds to the botherder’s electronic instructions
Denial of Service (DoS)
A computer attack in which the attacker sends so many e-mail bombs or web page requests, often from randomly generated false addresses, that the Internet service provider’s email server or the web server is overloaded and shuts down
Spamming
Simultaneously sending the same unsolicited message to many people, often in an attempt to sell them something
Dictionary Attack
Using special software to guess company e-mail addresses and send them blank e-mail messages. Unreturned messages are usually valid email addresses that can be added to spammer email list
Splog
Spam blogs created to increase a website’s Google Page Rank, which is how often a web page is referenced by other webpages
Spoofing
Altering some part of an electronic communication to make it look as if someone else sent the communication in order to gain the trust of the recipient
Email Spoofing
Making a sender address and other parts of an email header appear as though the email originated from a different source
Caller ID Spoofing
Displaying an incorrect number on the recipient’s caller ID display to hide the caller’s identity
IP address Spoofing
Creating Internet Protocol packets with a forged IP address to hide the sender’s identity or to impersonate another computer system
Address Resolution Protocol Spoofing
Sending fake ARP messages to an Ethernet LAN. ARP is a computer networking protocol for determining a network host’s hardware address when only its IP or network address is known
MAC address
A media access control address is a hardware address that uniquely identifies each node on a network
SMS spoofing
Using short message service to change the name or number a text message appears to come from
Web-page spoofing
phising
DNS spoofing
Sniffing the ID of a Domain Name System request and replying before the real DNS server
zero-day attack
An attack between the time a new software vulnerability is discovered and released into the wild and the time a software developer releases a patch to fix the problem
patch
Code released by software developers that fixes a particular software vulnerability
Cross Site Scripting
A vulnerability in dynamic web pages that allows an attacker to bypass a browser’s security mechanisms and instruct the victim’s browser to execute code, thinking that it came from the desired website
Buffer Overflow Attack
When the amount of data entered into a program is greater than the amount of the input buffer. The input overflow overwrites the next computer instruction, causing the system to crash.
SQL Injection Attack
Inserting a malicious SQL query in input such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute.
Man-in-the-middle attack
A hacker placing himself between a client and a host to intercept communications between them.
Masquerading/Impersonation
Gaining access to a system by pretending to be an authorized user. This requires that the perpetrator know the legitimate user’s ID and passwords.
Piggybacking
1) Tapping into a communications line and electronically latching onto a legitimate user who unknowingly carries the perpetrator into the system. 2) The clandestine use of a neighbor’s Wi-Fi network. 3) An unauthorized person following an authorized person through a secure door, bypassing physical security controls.
Password Cracking
When an intruder penetrates a system’s defenses, steals the file containing valid passwords, decrypts them, and uses them to gain access to programs, files and data.
War Dialing
Programming a computer to dial thousands of phone lines serching for dial-up modem lines. Hackers hack into the PC attached to the modem and access the network to which it is connected.
War Driving
Driving around looking for unprotected home or corporate wireless networks.
War Rocketing
Using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks.
Phreaking
Attacking phone systems to obtain free phone line access, use phone lines to transmit malware, and to access, steal, and destroy data.
Data Diddling
Changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data
Data Leakage
The unauthorized copying of company data, often without leaving any indication that it was copied