Week 4: Security Attacks Flashcards
Describe salting
Adding an additional string of text to a password before it is passed through a hashing algorithm. This ensures each hashed value is unique and negates the possibility that one compromised password becomes a security risk for another user who may have the same password, since without salting they would have the same hash value.
Describe what a DDoS is
When traffic to a server becomes too much for it to handle, it can cause the server, service or network to go down. This could happen for genuine reasons, such as going viral, but it can also be simulated through a distributed denial of service (DDoS) attack: a malicious attempt to disrupt the normal traffic of a targeted server, which could be done using botnets.
Technical, legal and ethical responses to a DDoS attack
Technical:
hard to track the attacker
it’s easy for anyone to do it
a response can include flexible server hosting
Legal:
if done from a foreign country it’s hard to prosecute
responsibility? computers used don’t belong to the attacker
form of protest - it’s similar to Just Stop Oil protests
how do you measure severity?
Ethical:
what if protests are against oppressive regimes?
What is an Advance Fee Fraud?
When someone pays for something but isn’t guaranteed to receive it:
false listings
spam emails
What is phishing?
Phishing involves attackers directing users to a malicious website that mimics a legitimate one, like a banking site. The goal is to trick users into entering personal information, such as login details.
What is an example of how phishing disguises itself?
A phishing site may use a deceptive URL, such as “H5BC” instead of “HSBC,” to appear legitimate.
How do phishing attacks reach users?
Phishing attempts often arrive via spam emails or SMS messages. Some well-known examples include scammers pretending to be the Royal Mail in the UK.
What is spear phishing?
Spear phishing is a targeted attack where customized emails or code are used to impersonate a trusted source, like a company’s HR, to trick specific individuals.
Why is spear phishing harder to prevent?
It can bypass spam filters and antivirus protection by appearing more personalized and trustworthy.
What is pharming?
Pharming redirects users to malicious sites by exploiting cracked DNS servers, even if the entered URL looks legitimate.
How does HTTPS help protect against pharming?
HTTPS provides encryption and validation, ensuring that users connect to the intended legitimate server.
What is baiting?
Baiting involves leaving a physical device, like a USB stick, that contains malicious software. When someone uses it, the malware executes.
Why is baiting effective?
It exploits human curiosity or altruism, such as someone trying to return a “lost” USB stick.
What is ransomware?
Ransomware encrypts a victim’s hard drive, making data inaccessible unless a ransom (often in cryptocurrency) is paid.
What are the consequences of ransomware attacks?
Victims lose data permanently if they don’t pay, and they may violate data protection laws like GDPR if personal data is compromised.