Module 3 - Attacks through Browsers and Add-on Modules Flashcards
1
Q
Browser Vulnerabilities
A
- all have
- rely on users to upgrade to new versions and install patches
2
Q
Browser Helper Objects (BHOs)
A
- extend functionality of browser, e.g. open PDFs, render graphics, play movies
- popular as targets
- not patched as often as browsers
3
Q
Access via Browser
A
- intrusions launched through browsers and BHOs frequently have same level of permission as user account
4
Q
Browser Intrusion Artifacts (4)
A
- internet cache
- account temp directory
- Windows registry
- Java Runtime Environment (JRE) files
5
Q
Browser Attacks (method examples)
A
- exploit configurations
- change default home page
- install toolbar
6
Q
IE Home Page Setting
A
\Software\Microsoft\Internet Explorer\Main\Start Page
7
Q
IE Add-ons
A
Internet Options
Manage Add-Ons
8
Q
Safari Extensions
A
Preferences
Extensions
9
Q
Java Runtime Environment (definition)
A
runtime portion of Java software (only thing needed to run Java via web browser)
10
Q
JRE (parts)
A
- Java Virtual Machine (JVM)
- Java platform core classes
- Java platform libraries (supporting libraries)
11
Q
Java plug-in (definition)
A
- component of JRE
- allows applets written in Java to run inside browsers
- not standalone program -> cannot be installed separately.
12
Q
XSS
A
Cross Site Scripting (both client and server)
- loading attacked, 3rd party web app from unrelated attack site -> in manner that executes fragment of JavaScript prepared by attacker.
- now also other modes of code injection, including ActiveX, Java, VBScript, Flash, or HTML scripts
13
Q
XSS Persistent
A
- less common
- data (from attacker) saved by server and permanently displayed on “normal” pages without proper HTML escaping
14
Q
XSS non-persistent
A
- more common
- data provided by web client (HTML query parameters or form submissions) used by server-side scripts to parse and display results to user without properly sanitizing the request.
15
Q
Artifacts for XSS
A
- emails (for links)
- web page caches (for links)
- web server logs
