Common types of computer attacks
There are 4 main types of cookies (session, performance, functionality and targeting). In the EU, websites must, by law, display a cookie banner to ask for a person’s permission before cookies are used. Everyone has the right to allow or deny cookies. But if we accept and use computer cookies, is there a risk of cookie misuse?
A reflected XSS attack executes a script on the client that can read the client’s cookie. The cookie’s contents can then be sent to the attacker (reflection), and the attacker can impersonate the client, without obtaining the cookie, by sending an XMLHttpRequest. Such requests usually use “get” or “post” to obtain client data.
The best way to overcome a reflected XSS attack is twofold: first, utilise the browser’s security settings and policy by using permission zones and setting them accordingly; second, use cross-site request forgery protection, meaning cookies must be sent from the same origin, in keeping with the same-origin policy.
Today, internet service providers literally provide you with an internet connection; however, surfing the web on the “naked” internet opens you up to even more vulnerability. You should therefore make use of virtual private networks (VPN) and proxy servers. Surfing safely allows your data to be more secure.
Lately, Edward Snowden has revealed that the NSA and GCHQ (UK) have been working on cracking a VPN’s secure setting. This is a complex task, but it is possible because encryption is simply a bunch of complex numbers that, once cracked, can be analysed for any purpose. As technology progresses, so too does misuse.
Main computer attacks
Sniffing affects those who use the “naked” online connection supplied by their internet provider. Hackers sniff the network devices mentioned above, which exposes sessions that use URL-based session IDs. Recently Google started encrypting its searches, and other search engines followed, which meant that HTTP became HTTPS (secure), and this can reduce search engine sniffing.
Redirection occurs whenever information that is sent back to a web server is also redirected to the hacker. Redirection can occur from HTTP REFERER or CSS.
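The cookie theft described under reflected XSS and the URL-based session IDs described under sniffing and redirection can both be checked for from the defender's side. The audit below is an added example, not code from the original post; the cookie attributes HttpOnly, Secure and SameSite are standard but are not named in the post, and the session parameter names, cookie values and host name are constructed assumptions.

```javascript
// Added example: audits Set-Cookie headers and URLs for the weaknesses
// discussed above. All sample values are constructed.

// Parse one Set-Cookie header value into { name, attrs } (attribute names lower-cased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((p) => p.trim());
  const eq0 = pair.indexOf("=");
  const name = eq0 === -1 ? pair : pair.slice(0, eq0);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1).trim();
  }
  return { name, attrs };
}

// Return the list of findings for one Set-Cookie header.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push(`${name}: no HttpOnly, readable by injected script`);
  if (!attrs.secure) findings.push(`${name}: no Secure, sent over plain HTTP and sniffable`);
  const sameSite = String(attrs.samesite || "").toLowerCase();
  if (sameSite !== "strict" && sameSite !== "lax")
    findings.push(`${name}: SameSite not Strict/Lax, sent with cross-site requests`);
  return findings;
}

// Flag URLs that carry a session ID in the query string or as a ;param in the
// path, where it is exposed to sniffing and can leak through the Referer header.
// The parameter names are an assumed list of common ones.
const SESSION_PARAM = /^(jsessionid|phpsessid|sid|sessionid|session_id)$/i;
function urlCarriesSessionId(url) {
  const u = new URL(url);
  for (const key of u.searchParams.keys()) if (SESSION_PARAM.test(key)) return true;
  return u.pathname.split(";").slice(1).some((p) => SESSION_PARAM.test(p.split("=")[0]));
}

// Constructed sample input.
const weak = "sessionid=abc123; Path=/";
const hardened = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict";
console.log(auditSetCookie(weak));
console.log(auditSetCookie(hardened));
console.log(urlCarriesSessionId("http://shop.example/cart;jsessionid=abc123?item=4"));
```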
Would you like to add to the main types of computer attacks above? Tweet Gerald.
Posted by Gerald Murphy