Engrish as a secon
A Bunch of Idiots
We Got a Rat
Tubby Lunchbox
Love Is In the Air
Bring on the Bacon
A Dolt: Script Clu
Stick it up your
Let's Just Call Je
You're Looking at

The Great White Sh
The last mile is c
Sleeping With the
MS Scarlett Feaver
Momma didn't raise
cookingwithai.com
Ready to Bite the
Tribal Lines Are B
Beg, Barter, Steal
This Camp is Curse
<<      >>
Darkweb entrapment and entrapment detection In 2006, a group of Carnegie Mellon researchers discovered that a network application called "Lava Flow" included code that redirected Internet users to fake versions of major websites. The sites imitated Facebook, MySpace, and Google. The researcher discovered the code by manually analyzing the Javascript code and determining where code was inserted. On 28 August 2007, a group of Carnegie Mellon researchers led by computer science doctoral candidate Daniel Bernstein were able to gain access to the Lava Flow site by using some simple social engineering tricks to disguise themselves as legitimate visitors and trick the server into giving them access. The hackers, who are students in Carnegie Mellon University's computer science department, were able to gain access to a hidden section of the code. The hackers also included two "man-in-the-middle" style attacks that were used to make the server believe that they were a valid site. The researchers noted that this attack method could be used to steal users' login credentials to various sites. The Lava Flow technique also allows for the creation of an "adversarial network," that involves a fake page that mimics the front page of a legitimate site, except for a single pixel difference in the URL. This trick fools most users and many web site security systems, but some security programs such as Google's Safe Browsing are able to detect this trick. This method was discovered in 2007 and since then, many sites have begun using this technique to trick users into submitting information to a fake site. If a user submits any information to the fake site, the hackers can retrieve the information by intercepting the request on the third-party server and re-directing the victim to the fake site. A security report by Sophos noted that there are many risks with these types of attacks, and it has been known since 1999 that it is possible to create an adversarial web site. However, not much has been done since then by the antivirus industry to help prevent this type of attack. Black-box model of security threats Another concept used to protect websites is the concept of black-box systems. Black-box refers to a black box model of security used for detecting security vulnerabilities. Black-box systems are used for scanning traffic between a client and a server and detecting whether the packets sent between the two are authentic or not. If a hacker sends fraudulent information to a website using the method of black-box security, the website's server will be unable to authenticate the information. The network packets will either be encrypted or they will have incorrect headers that will allow them to be detected. The same is true for any system using black-box security. RSS feeds Some websites, especially news websites, provide an RSS feed. These feeds typically contain the entire contents of a website as it was published at a given time, and can allow a user to subscribe to all updates on a website. The user can then read their feeds offline or use a web application for aggregating and organizing feeds. The user does not have to visit the website to read the news. A feed can be published as a XML file that can be read using a standard XML parsing application. Hackers can exploit RSS feeds for malicious purposes. On 10 May 2007, the BBC News website was hacked using an RSS feed that was published with malicious code. The hack was initiated by a user on PasteBin, a website that allows users to paste in text and other web content. The user pasted malicious code into a BBC News RSS feed that was distributed and then re-posted the code onto the BBC News website, which in turn allowed the hacker to insert links to pictures and MP3 files into the website's RSS feed. The pictures and MP3 files were replaced by the hacker with links to Malwarebytes.com, which had a backdoor Trojan that allowed the hacker to take full control of the infected computer. A malicious program called Fotoboto was also installed onto the infected computer to send spam, and collect sensitive information. This is just one example of how RSS feeds can be used to spread malware onto other computers. RSS feeds can be used to transmit spam. The hacker can use a RSS feed that tells the user to visit a link. Once the user clicks on the link, the hacker is automatically logged into a hidden part of the website. This way, the hacker doesn't have to know anything about the user's login information. In 2007, the users' login information was stolen in this way from a German website. See also Web 2.0 Malware Cybercrime Cybersecurity Internet Fraud Cyberstalking Cyveillance Internet security References Further reading Winkler, Christoph and Zittrain, Jonathan. The Future of the Internet and How to Stop It (Addison-Wesley, 2008) External links Category:Cybercrime Category:Cyberwarfare Category:Internet fraud Category:Internet security Category:Types of malware Category:Web 2.0 neologisms Category:Web security exploits