Explain in a simpler way: what are these attacks?


5

I would like to know in a more simplified way what these types of attacks are.

  • Keylogger
  • Brute force attack
  • Rubber-hose cryptanalysis
  • SQL injection

And please, if you could go deeper into the matter, could you give me a simple example of how to protect yourself from them? I am creating a website for a company and would like to better understand them and how to protect myself. Thank you.

  • I’ve read several stories about the 4 types of problems, but I need to understand them better. If anyone can help me, I’d appreciate it.

  • It’s good to read the content already present on the site, so you can honor those who have endeavored to bring the content in the sense that you are looking for.

  • Wouldn’t it be better to create a separate question for each type of attack? Renan’s answer summarizes well, but some things could be much more detailed (there is much to be said about brute force attacks, for example), and you can’t do this with "4 questions in 1"...

2 answers

13


  • Keylogger:

It occurs when someone uses hardware or software to record each key the user pressed. The attacker can then do a text analysis to find user names, passwords, bank account numbers, etc.

How to defend yourself: use anti-virus to protect yourself from the software version, since it is malware. The hardware version is very rare - it is a little device that is in the USB port, between the keyboard and the computer. This is easier to solve, just throw away the keylogger if you find it.

  • Brute force attack

It’s about testing passwords until one works. Many systems today have automatic protections against this type of attack. If you get the password wrong five times in a row on an iPhone with the most current iOS, for example, your phone erases all files :D

This attack works best against systems that do not limit the maximum number of password errors, and if the attacker has physical access to the machine.

How to defend yourself: ensure a minimum complexity of passwords. It doesn’t hurt who misses the password more than a few times.

  • Rubber-hose cryptanalysis

This is the oldest method of attack of all to obtain confidential information. It’s about kicking a user’s ass until they tell him their passwords and other confidential information.

How to defend yourself: train your users in martial arts and handling firearms. False teeth with cyanide capsules are an option for team members who are weaker physically.

  • SQL injection

It’s about exploiting a general programming flaw committed by people who discovered what SQL is not long ago. It occurs when a program passes data supplied by the user to an SQL query without any treatment of this input.

How to defend yourself: never leave your system in the hands of just a beginner. The development team needs to have at least one experienced professional to avoid not only this, but also other types of programming failures that can be caused by lack of experience.

  • @Renan, about SQL Injection: it doesn’t just happen with beginners. There are various types of SQL Injection: error-based, union-based, blind. Any system can be vulnerable, some more than others. Here are two very interesting videos about this: https://www.youtube.com/watch?v=eUv9XPgeUww , https://www.youtube.com/watch?v=qBVThFwdYTc

  • @Miguel all these types of injection are possible when the code has extremely basic vulnerabilities. I keep thinking they’re beginner stuff. In the company where I work we perform skill tests before hiring anyone. If the candidate exposes the code to any threat of SQL injection - no matter the type - we offer no more than a traineeship.
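The limit on password errors mentioned in the answer above, as an added example that is not part of the original answer or its comments: a per-account counter that locks the login after repeated failures and lengthens the lockout on each further failure. The class and function names, the limit of 5 and the 60-second base are assumptions chosen for illustration.

```php
<?php
// Added example, not the answer's code. The limits and all names are assumptions.
const MAX_FAILURES = 5;        // failed guesses allowed before a lockout starts
const BASE_LOCK_SECONDS = 60;  // first lockout; doubles with each further failure

final class LoginThrottle {
    private array $state = []; // login => ['failures' => int, 'locked_until' => int]

    public function isLocked(string $login, int $now): bool {
        return ($this->state[$login]['locked_until'] ?? 0) > $now;
    }

    public function recordFailure(string $login, int $now): void {
        $failures = ($this->state[$login]['failures'] ?? 0) + 1;
        $lockedUntil = 0;
        if ($failures >= MAX_FAILURES) {
            $doublings = min($failures - MAX_FAILURES, 6); // cap the growth
            $lockedUntil = $now + BASE_LOCK_SECONDS * (2 ** $doublings);
        }
        $this->state[$login] = ['failures' => $failures, 'locked_until' => $lockedUntil];
    }

    public function recordSuccess(string $login): void {
        unset($this->state[$login]); // a correct login clears the counter
    }
}

function attempt(LoginThrottle $t, string $login, string $pw, string $hash, int $now): string {
    if ($t->isLocked($login, $now)) {
        return 'locked';           // the password is not even checked
    }
    if (password_verify($pw, $hash)) {
        $t->recordSuccess($login);
        return 'ok';
    }
    $t->recordFailure($login, $now);
    return 'denied';
}

// Constructed demo: six wrong guesses, then the right password during and after the lockout.
$right = 'correct horse battery staple';
$hash = password_hash($right, PASSWORD_DEFAULT);
$t = new LoginThrottle();
for ($i = 1; $i <= 6; $i++) {
    echo "guess $i: ", attempt($t, 'alice', "wrong$i", $hash, 1000 + $i), "\n";
}
echo "right password at t=1010: ", attempt($t, 'alice', $right, $hash, 1010), "\n";
echo "right password at t=1200: ", attempt($t, 'alice', $right, $hash, 1200), "\n";
```

On a real site the counter would live in a database or cache shared by all web servers rather than in a PHP array, and a per-account lockout is usually paired with a per-source limit so that one client cannot keep a legitimate user locked out.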

1

Friend, it’s simple. A brute force attack is nothing more than a bot or a network of bots (robots) that try, by "trial and error", to hit your password. Once he gets access, he captures your password and comes back later through a hack, in a way through the front door of your site.

How to protect yourself: create strong passwords and change them often, containing at least 8 characters, upper and lower case letters, numbers and special characters (!@#$%^&*), and do not use words that are known or easy to discover, even if they are totally random. Keep your computer (especially if it runs Windows in any version) clean and away from viruses, with frequent checks with a good antivirus (a free antivirus doesn’t always solve it). Never, ever save passwords on your computer or ask the browser to save them for future access.

Keylogger (or keystroke logger): although often understood as spyware, it is a computer program whose purpose is to record everything that is typed on a keyboard, most often aiming to capture passwords, credit card numbers and other important information. It typically behaves like a virus, as it is installed and acts without the user noticing its presence.

How to protect yourself: maintaining an up-to-date antivirus is critical, even more so today when we are almost all connected to the internet, downloading files, exchanging music and videos, and testing programs and games.

SQL injection: an attack that consists of inserting (known as injecting) a query via a web application. Locaweb always takes every precaution regarding updates to avoid any security breaches on the websites hosted. However, sometimes vulnerabilities arise that are exploited through programming, despite the precautions we take. Such vulnerabilities are present in code (ASP, PHP, etc.) placed by the clients themselves. This is the case with "SQL Injection", a loophole through which an attacker can execute arbitrary queries or statements on a relational database via "injection" of commands into form fields.

How to protect yourself: Using the addslashes() function has the same effect as enabling Magic Quotes, but it is applied only where convenient. What it does is put an escape character before single or double quotes, before the backslash and the NULL character. Using 'Prepared statements' instead of the SQL code itself assigning all other prevention measures to use this, would give us more performance and security, besides being simpler to read and write. However, it can only be used in SELECT, INSERT, UPDATE, REPLACE, DELETE and CREATE TABLE.

    $login = $_GET['login'];
    $query = "SELECT * FROM records where login = '$login'";

It would look like this:

    $query = "SELECT * FROM records WHERE login = OR 1";

Rubber-hose cryptanalysis: in cryptography, rubber-hose cryptanalysis is the extortion of cryptographic secrets (e.g., the password to an encrypted file) from a person by coercion or torture,[1] [2] in contrast to mathematical or technical cryptanalysis. The euphemism refers to striking someone with a rubber hose until they cooperate.

How to protect yourself: training users for any kind of torture.
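The difference between pasting input into the SQL text and binding it through a prepared statement, as an added example that is not part of the original answer. The `records` table and `login` column follow the answer's snippet; the in-memory SQLite database, the rows, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not the answer's code. Rows, names and input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE records (login TEXT, secret TEXT)");
$pdo->exec("INSERT INTO records VALUES ('alice', 'a-secret'), ('bob', 'b-secret')");

// Vulnerable form, as in the answer: the input becomes part of the SQL text,
// so a quote inside it ends the string literal and the rest is parsed as SQL.
function find_concat(PDO $pdo, string $login): array {
    $query = "SELECT login FROM records WHERE login = '$login'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed, and the input is sent as a bound value
// that the database only ever compares against the login column.
function find_prepared(PDO $pdo, string $login): array {
    $stmt = $pdo->prepare("SELECT login FROM records WHERE login = :login");
    $stmt->execute([':login' => $login]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input standing in for $_GET['login'].
$hostile = "' OR '1'='1";

echo "concatenated, hostile input: ", json_encode(find_concat($pdo, $hostile)), "\n";
echo "prepared, hostile input:     ", json_encode(find_prepared($pdo, $hostile)), "\n";
echo "prepared, normal input:      ", json_encode(find_prepared($pdo, 'alice')), "\n";
```

Run with the PHP CLI and the pdo_sqlite extension enabled, then compare how many logins each call returns for the same input.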
