Security + Password Attacks Flashcards
Birthday attack
the attacker tries to find two different input messages that produce the same hash value, called a collision
Spraying attack
a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process.
Dictionary attack
is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password
Replay attack
a network attack in which the attacker intercepts a network communication between two parties to delay, redirect, or repeat it.
For example, you enter a password to log into a social media platform. The hacker listens to this data transmission between your device and a server, captures the password, and then resends it to the server.
Brute-force attack
a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.
Rainbow tables
a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database.
Applications don’t store passwords in plaintext, but instead encrypt passwords using hashes.
Plaintext/unencrypted
a type of attack in computer science where the attacker has knowledge of the plaintext and the corresponding ciphertext, which is then used to decrypt the rest of the ciphertext.
An attacker can use one unencrypted file from an encrypted archive, such as a ZIP file, to calculate the key needed to decrypt the entire archive.
Malicious flash drive
allows attackers to obtain a user’s passwords, access their devices, and even irreversibly damage their computer
Card cloning
a method used by criminals to steal credit card information and make unauthorized purchases. Fraudsters install devices on or inside ATMs, point-of-sale (POS) terminals, or fuel pumps to capture card data and PIN entries
Skimming
Fraudsters often use a device called a skimmer that can be installed at gas pumps or ATM machines
Collision
a situation when two or more data packets try to occupy the same network channel at the same time
Tainted training data for machine learning (ML)
attacker intentionally provides incorrect or biased data to the machine learning model during the training phase.
AI
Supply-chain attacks
uses third-party tools or services. Attackers injected a backdoor into a popular software update of SolarWinds, tricking user