Explain in a simpler way what these attacks are?

I would like to know in a more simplified way what these types of attacks are.

  • Keylogger
  • brute force attack
  • rubber hose cryptanalysis
  • SQL injection

And please if you can delve further into the subject, could you tell me a simple example of how to protect yourself from them. I am creating a website for a company and would like to better understand them and how to protect myself. Thank you

Author: Garoto de Programa, 2016-05-23

2 answers

  • Keylogger :

Occurs when someone uses hardware or software to log each key the user has used. The attacker can then scan the texts to find usernames, passwords, bank account numbers, etc.

How to defend yourself: use anti-virus to protect yourself from the software version, since it is malware. The hardware version is very rare - it is a little device that is on the USB port, between the keyboard and the computer. This one is easier to solve, just throw the keylogger away in case you find it.

  • brute force attack

It's about testing passwords until one works. Many systems nowadays have automatic protections against this type of attack. If you get the password wrong five times in a row on an iPhone with the most current iOS, for example, the phone erases all files :D

This attack works best against systems that do not limit the maximum number of password errors, and if the attacker has physical access to the machine.

How to defend yourself: ensure minimum password complexity. Do not forgive anyone who gets the password wrong more than a few times.

  • rubber hose cryptanalysis

This is the oldest method of attack of all to obtain confidential information. It consists of beating a user until he gives up the passwords and other confidential information.

How to defend yourself: train your users in martial arts and firearms handling. False teeth with cyanide capsules are an option for team members who are weaker physically.

  • SQL Injection

It is about exploiting a programming flaw generally committed by people who discovered what SQL is not long ago. It occurs when a program passes user-supplied data to a SQL query without doing any treatment on that input.

How to defend yourself: never leave your system in the hands of only a beginner. The development team needs to have at least one experienced professional to avoid not only this, but also other types of programming failures that can be caused by lack of experience.

 13
Author: Garoto de Programa, 2016-05-23 19:32:53
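
The brute-force defence in the answer above (limit how many wrong passwords are tolerated) can be sketched as follows. This is an added example, not code from the answer; the function name, the limit of 5 failures and the 15-minute lock are assumptions.

```php
<?php
// Added example: per-account failed-login limiter. Names and limits are assumptions.
const MAX_FAILURES = 5;    // failed attempts allowed before locking
const LOCK_SECONDS = 900;  // how long the account stays locked

/**
 * $state maps login => ['failures' => int, 'locked_until' => int]; a real site
 * would keep it in the database. Returns 'ok', 'denied' or 'locked'.
 */
function attempt_login(array &$state, array $users, string $login, string $password, int $now): string
{
    $entry = $state[$login] ?? ['failures' => 0, 'locked_until' => 0];

    // While locked, refuse without checking the password at all, so further
    // guesses learn nothing.
    if ($now < $entry['locked_until']) {
        return 'locked';
    }

    if (isset($users[$login]) && password_verify($password, $users[$login])) {
        unset($state[$login]);  // success clears the counter
        return 'ok';
    }

    $entry['failures']++;
    if ($entry['failures'] >= MAX_FAILURES) {
        $entry['locked_until'] = $now + LOCK_SECONDS;
        $entry['failures'] = 0;
    }
    $state[$login] = $entry;
    return 'denied';
}

// Constructed sample data: one user, six wrong guesses, then the right password.
$users = ['ana' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
$state = [];
$t = 1000;  // fake clock in seconds so the run is repeatable
for ($i = 1; $i <= 6; $i++) {
    echo "guess $i: ", attempt_login($state, $users, 'ana', "guess$i", $t + $i), "\n";
}
echo "right password while locked: ",
    attempt_login($state, $users, 'ana', 'correct horse battery staple', $t + 10), "\n";
echo "right password after the lock expires: ",
    attempt_login($state, $users, 'ana', 'correct horse battery staple', $t + 5 + LOCK_SECONDS), "\n";
```

A hard lock per account can also keep the legitimate user out, so many sites use a growing delay between attempts instead of a fixed lock.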

Friend, it's simple. A brute force attack is nothing more than a bot or a network of bots (robots) that try, by the "trial and error" method, to guess your password. Once it gains access, it captures your password and comes back later through a hack, in a way through the front door of your website.

How to protect yourself: frequently create and change strong passwords, containing at least 8 characters, uppercase and lowercase letters, numbers and special characters (!@#$%^&*), and do not use known or easily discovered words; even better if they are totally random. Keep your computer (especially if it runs the Windows operating system in any version) clean and free of viruses, with frequent checks with good antiviruses (a free antivirus does not always solve it). Never, ever and under any circumstances save passwords on your computer or ask the browser to save them for future accesses.

Keylogger (or keystroke logger): although often understood as spyware, it is a computer program whose purpose is to record everything that is typed on a keyboard, most often aiming to capture passwords, credit card numbers and other important information. It works in a way typical of viruses, since it is installed and acts without the user noticing its presence.

How to protect yourself: keeping an antivirus up to date is key, even more so today when we are almost all the time connected to the internet, downloading files, exchanging music, videos and testing programs and games.

SQL Injection: is an attack that consists of inserting (known as injecting) a query via a web application. Locaweb always takes all precautions regarding updates to avoid any security breaches on hosted websites. However, sometimes vulnerabilities arise that are exploited through programming, against which the precautions we take are of no use. These vulnerabilities are present in code (ASP, PHP, etc.) placed by the customers themselves. This is the case with "SQL Injection", a loophole through which an attacker can execute arbitrary queries or statements on a relational database via "injection" of commands into form fields.

How to protect yourself: using the addslashes() function has the same effect as enabling magic quotes, but only applies where it is convenient. What it does is put an escape character before single or double quotes, before the backslash and the NULL character. Using 'prepared statements' instead of the SQL code itself, setting aside all other prevention measures to use this one, would give us more performance and security, as well as being simpler to read and write. However, it can only be used in SELECT, INSERT, UPDATE, REPLACE, DELETE and CREATE TABLE.

    $login = $_GET['login'];
    $query = "SELECT * from Records where login = '$login'";

It would look like this:

    $query = " SELECT * from registries where login = OR 1";

Rubber hose cryptanalysis: in cryptography, rubber hose cryptanalysis is the extortion of cryptographic secrets (for example, the password to an encrypted file) from a person by coercion or torture,[1][2] in contrast to a mathematical or technical cryptanalytic attack. The euphemism refers to striking someone with a rubber hose until they cooperate.

How to protect yourself: training users for any type of torture.

 1
Author: Phoenix sam, 2016-05-23 19:51:26
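
The concatenated query from the answer above, next to the same lookup written as a prepared statement. This is an added example, not code from the answer; it assumes PHP with the pdo_sqlite driver, and the `records` table, its rows and both function names are constructed for the demonstration.

```php
<?php
// Added example: string-built query vs. prepared statement on an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE records (login TEXT, email TEXT)");
$pdo->exec("INSERT INTO records VALUES ('ana', 'ana@example.test'), ('bruno', 'bruno@example.test')");

// BEFORE: the value is pasted into the SQL text, so any quote characters in it
// become part of the statement itself.
function find_concatenated(PDO $pdo, string $login): array
{
    $query = "SELECT * FROM records WHERE login = '$login'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the SQL text is fixed and the value travels separately as a bound
// parameter, so it is only ever compared as data.
function find_prepared(PDO $pdo, string $login): array
{
    $stmt = $pdo->prepare("SELECT * FROM records WHERE login = :login");
    $stmt->execute([':login' => $login]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET['login']: a normal value and one carrying
// the "OR" condition the answer describes.
$inputs = ['ana', "' OR '1'='1"];

foreach ($inputs as $login) {
    printf(
        "input %-14s concatenated: %d row(s)   prepared: %d row(s)\n",
        var_export($login, true),
        count(find_concatenated($pdo, $login)),
        count(find_prepared($pdo, $login))
    );
}
```

With the second input the concatenated version returns every row in the table, while the prepared version looks for a login equal to that literal string and finds none.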